https://github.com/abpframework/abp/pull/17369/
https://support.abp.io/QA/Questions/5585/Critical-security-bug-Should-change-password-on-next-login-setting-bypasses-2FA-requirements