A password change in Confluence will update the database but not the user cache. This causes problems when the user is updated while the unmodified object is still held in the cache and therefore will persist the old password hash again.