diff --git a/bl-kernel/admin/controllers/user-password.php b/bl-kernel/admin/controllers/user-password.php
index 0f86abb7..8a7e8c9d 100644
--- a/bl-kernel/admin/controllers/user-password.php
+++ b/bl-kernel/admin/controllers/user-password.php
@@ -13,8 +13,14 @@
 // ============================================================================
 if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+ // Prevent non-administrators to change other users
+ $username = $_POST['username'];
+ if ($login->role()!=='admin') {
+ $username = $login->username();
+ }
+
 if (changeUserPassword(array(
- 'username'=>$_POST['username'],
+ 'username'=>$username,
 'newPassword'=>$_POST['newPassword'],
 'confirmPassword'=>$_POST['confirmPassword']
 ))) {
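Review bot: The new check silently rewrites a non-admin's submitted username instead of rejecting it, so a tampered `username` field (the very thing this hunk defends against) is absorbed without any error or log entry, and `$_POST['username']` is still read unconditionally, which raises an undefined-index notice when the field is absent. I would read the field defensively and treat a mismatch as a signal rather than something to quietly fix up: `$requested = $_POST['username'] ?? '';` then `$username = ($login->role() === 'admin') ? $requested : $login->username();`, and, if the project has a logging or error helper available in this controller, record the case where a non-admin sent a `$requested` that differs from `$login->username()`. Whether `changeUserPassword()` itself validates that the target user exists, or whether CSRF validation happens centrally before this controller runs, is not visible from this hunk and should be confirmed before relying on this check alone. The enclosing `if ($_SERVER['REQUEST_METHOD'] == 'POST')` block continues past the end of the hunk, and any other admin controller that takes a username from `$_POST` presumably needs the same role gate.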