Multiple Authenticators prevent Member password change #11097

Open
t3hn0 opened this issue Dec 18, 2023 · 0 comments

t3hn0 commented Dec 18, 2023

We use LDAP on most of our projects, and they are all experiencing the same problem: Members cannot change their password for the CMS in the Security section. The validator reports that the entered old password is incorrect every time a user tries to change their password.

The problem lies in the class ConfirmedPasswordField, in the method validate.
When getRequireExistingPassword() returns true (it is true when a user is changing their own password), the code loops through all validators and checks whether the user has entered the correct password:

          // With a valid user and password, check the password is correct
          $authenticators = Security::singleton()->getApplicableAuthenticators(Authenticator::CHECK_PASSWORD);
          foreach ($authenticators as $authenticator) {
              $checkResult = $authenticator->checkPassword($member, $this->currentPasswordValue);
              if (!$checkResult->isValid()) {
                  $validator->validationError(
                      $name,
                      _t(
                          __CLASS__ . '.CURRENT_PASSWORD_ERROR',
                          "The current password you have entered is not correct."
                      ),
                      "validation"
                  );
                  return false;
              }
          }

To pass this validation, the user would need to have the same password in all registered Authenticators that provide the service Authenticator::CHECK_PASSWORD.

Since this field exists only for SilverStripe\Security\MemberAuthenticator\MemberAuthenticator, it shouldn't loop through other Authenticators. Either this loop shouldn't exist here, or it should be possible to set which Authenticators the field should use in the first place (when creating the field).

Affected Version

SS4/SS5 framework

Steps to Reproduce

Install SS with an extra authenticator (like https://github.com/silverstripe/silverstripe-ldap).
Create an admin user in the CMS and set its password.
Log in to the CMS with the created user and try to change the password.
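The failure mode described in this issue, reduced to a stand-alone illustration (added here; this is not SilverStripe code and does not use its classes). Two stub authenticators with different stored passwords stand in for MemberAuthenticator and the LDAP authenticator; `requireAllAuthenticators` mirrors the loop quoted above, and `requireChosenAuthenticator` shows the reporter's suggestion of telling the field which authenticator it belongs to. PHP 8 syntax is assumed.

```php
<?php
// Added illustration, not framework code: a minimal interface for the
// CHECK_PASSWORD service so the two checking strategies can be compared.
interface CheckPasswordAuthenticator
{
    public function checkPassword(string $member, string $password): bool;
}

final class StubAuthenticator implements CheckPasswordAuthenticator
{
    public function __construct(private string $name, private string $storedPassword) {}

    public function name(): string { return $this->name; }

    public function checkPassword(string $member, string $password): bool
    {
        // Constant-time comparison, as a real backend would use against a hash.
        return hash_equals($this->storedPassword, $password);
    }
}

// Behaviour reported in the issue: every CHECK_PASSWORD authenticator must
// accept the password, so a mismatch in any one backend fails the whole check.
function requireAllAuthenticators(array $authenticators, string $member, string $password): bool
{
    foreach ($authenticators as $authenticator) {
        if (!$authenticator->checkPassword($member, $password)) {
            return false;
        }
    }
    return true;
}

// Suggested behaviour: the field is given the authenticator it is meant for
// when it is created and consults only that one.
function requireChosenAuthenticator(CheckPasswordAuthenticator $chosen, string $member, string $password): bool
{
    return $chosen->checkPassword($member, $password);
}

// Constructed sample data: the CMS member record and the directory hold
// different passwords for the same account, as with a separate LDAP backend.
$memberAuth = new StubAuthenticator('MemberAuthenticator', 'cms-secret');
$ldapAuth   = new StubAuthenticator('LDAPAuthenticator', 'directory-secret');

// The CMS password is correct for the member record, yet the all-must-pass
// loop rejects it because the directory backend does not know it.
var_dump(requireAllAuthenticators([$memberAuth, $ldapAuth], 'admin', 'cms-secret'));
var_dump(requireChosenAuthenticator($memberAuth, 'admin', 'cms-secret'));
```

Run with `php example.php`: the first check fails even though the entered password matches the CMS record, while the second, scoped to the field's own authenticator, accepts it.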
