diff --git a/test/private-api/register-and-login.e2e-spec.ts b/test/private-api/register-and-login.e2e-spec.ts
index 62e74bd6f..132fac5c4 100644
--- a/test/private-api/register-and-login.e2e-spec.ts
+++ b/test/private-api/register-and-login.e2e-spec.ts
@@ -85,6 +85,20 @@ describe('Register and Login', () => {
       .expect(409);
   });
 
+  test('a user cannot create a local account with a weak password', async () => {
+    // register a new user
+    const registrationDto: RegisterDto = {
+      displayName: DISPLAYNAME,
+      password: 'test123',
+      username: USERNAME,
+    };
+    await request(testSetup.app.getHttpServer())
+      .post('/api/private/auth/local')
+      .set('Content-Type', 'application/json')
+      .send(JSON.stringify(registrationDto))
+      .expect(400);
+  });
+
   test('a user can create a local account and change the password', async () => {
     // register a new user
     const registrationDto: RegisterDto = {
@@ -140,4 +154,43 @@ describe('Register and Login', () => {
     // allowed to request profile now
     await session.get('/api/private/me').expect(200);
   });
+
+  test('a user can create a local account and cannot change the password to a weak one', async () => {
+    // register a new user
+    const registrationDto: RegisterDto = {
+      displayName: DISPLAYNAME,
+      password: PASSWORD,
+      username: USERNAME,
+    };
+    await request(testSetup.app.getHttpServer())
+      .post('/api/private/auth/local')
+      .set('Content-Type', 'application/json')
+      .send(JSON.stringify(registrationDto))
+      .expect(201);
+
+    // log in with the new user and create a session
+    const loginDto: LoginDto = {
+      password: PASSWORD,
+      username: USERNAME,
+    };
+    const newPassword = 'pasword1';
+    const session = request.agent(testSetup.app.getHttpServer());
+    await session
+      .post('/api/private/auth/local/login')
+      .set('Content-Type', 'application/json')
+      .send(JSON.stringify(loginDto))
+      .expect(201);
+
+    // change the password
+    await session
+      .put('/api/private/auth/local')
+      .set('Content-Type', 'application/json')
+      .send(
+        JSON.stringify({
+          currentPassword: PASSWORD,
+          newPassword: newPassword,
+        }),
+      )
+      .expect(400);
+  });
 });