I was the one tested on version 2.3. i found same the return message is "Enter Old Password:" and i try put known users in ISE with blank password. i found return message is "% Authentication failed. " I think that is a vulnerability for those who do...