diff --git a/app/controllers/profiles_controller.rb b/app/controllers/profiles_controller.rb
index 6fa635d0e36..780f47d9960 100644
--- a/app/controllers/profiles_controller.rb
+++ b/app/controllers/profiles_controller.rb
@@ -33,7 +33,14 @@ class ProfilesController < ApplicationController
 end
 def update_password
- params[:user].reject!{ |k, v| k != "password" && k != "password_confirmation"}
+ params[:user].select! do |key, value|
+ %w(current_password password password_confirmation).include?(key.to_s)
+ end
+
+ unless @user.valid_password?(params[:user][:current_password])
+ redirect_to account_profile_path, alert: 'You must provide a valid current password'
+ return
+ end
 if @user.update_attributes(params[:user])
 flash[:notice] = "Password was successfully updated. Please login with it"
diff --git a/app/views/profiles/account.html.haml b/app/views/profiles/account.html.haml
index 8f43db66249..42c7ec051cb 100644
--- a/app/views/profiles/account.html.haml
+++ b/app/views/profiles/account.html.haml
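Review bot: The server side does not enforce the restriction the view hunk adds for LDAP users: the guard at the top of `update_password` only checks `valid_password?`, so a request sent directly to the update-password route by an LDAP account is still processed. A check such as `return redirect_to(account_profile_path, alert: 'Not available for LDAP user') if current_user.ldap_user?` placed before the password validation would keep the controller, not the template, as the authority. Note also that `current_password` survives the `select!` whitelist and is handed to `update_attributes`; whether the model accepts that attribute is not visible in this hunk, so either confirm it or strip it with `params[:user].delete(:current_password)` before the update. The unused block parameter would read better as `|key, _value|`. `update_password` continues past the end of the hunk.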
@@ -57,24 +57,33 @@
 .tab-pane#tab-password
 %fieldset.update-password
 %legend Password
- = form_for @user, url: update_password_profile_path, method: :put do |f|
- %div
- %p.slead After a successful password update you will be redirected to login page where you should login with your new password
- -if @user.errors.any?
- .alert.alert-error
- %ul
- - @user.errors.full_messages.each do |msg|
- %li= msg
- .control-group
- = f.label :password
- .controls= f.password_field :password, required: true
- .control-group
- = f.label :password_confirmation
- .controls
- = f.password_field :password_confirmation, required: true
- .control-group
- .controls
- = f.submit 'Save password', class: "btn btn-save"
+ - if current_user.ldap_user?
+ %h3.nothing_here_message Not available for LDAP user
+ - else
+ = form_for @user, url: update_password_profile_path, method: :put do |f|
+ %div
+ %p.slead
+ You must provide current password in order to change it.
+ %br
+ After a successful password update you will be redirected to login page where you should login with your new password
+ -if @user.errors.any?
+ .alert.alert-error
+ %ul
+ - @user.errors.full_messages.each do |msg|
+ %li= msg
+ .control-group
+ = f.label :current_password, class: 'cgreen'
+ .controls= f.password_field :current_password, required: true
+ .control-group
+ = f.label :password, 'New password'
+ .controls= f.password_field :password, required: true
+ .control-group
+ = f.label :password_confirmation
+ .controls
+ = f.password_field :password_confirmation, required: true
+ .control-group
+ .controls
+ = f.submit 'Save password', class: "btn btn-save"
 - if show_profile_social_tab?
 .tab-pane#tab-social
diff --git a/features/profile/profile.feature b/features/profile/profile.feature
index 3b61552a73d..c74b0993fb3 100644
--- a/features/profile/profile.feature
+++ b/features/profile/profile.feature
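Review bot: The new lines mix two spellings of the same Haml construct, `- if current_user.ldap_user?` / `- else` next to the re-added `-if @user.errors.any?`; since that line is rewritten anyway, `- if @user.errors.any?` would make the block consistent. The explanatory sentence `You must provide current password in order to change it.` reads more naturally as `You must provide your current password in order to change it.`. The "Not available for LDAP user" branch only hides the form; whatever the controller does for such users is outside this hunk.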
@@ -11,6 +11,12 @@ Feature: Profile
 Then I change my contact info
 And I should see new contact info
+ Scenario: I change my password without old one
+ Given I visit profile account page
+ When I try change my password w/o old one
+ Then I should see a missing password error message
+ And I should be redirected to account page
+
 Scenario: I change my password
 Given I visit profile account page
 Then I change my password
diff --git a/features/steps/profile/profile.rb b/features/steps/profile/profile.rb
index 6944977c3ff..5b2a6321265 100644
--- a/features/steps/profile/profile.rb
+++ b/features/steps/profile/profile.rb
@@ -22,8 +22,17 @@ class Profile < Spinach::FeatureSteps
 @user.twitter.should == 'testtwitter'
 end
+ step 'I try change my password w/o old one' do
+ within '.update-password' do
+ fill_in "user_password", with: "222333"
+ fill_in "user_password_confirmation", with: "222333"
+ click_button "Save"
+ end
+ end
+
 step 'I change my password' do
 within '.update-password' do
+ fill_in "user_current_password", with: "123456"
 fill_in "user_password", with: "222333"
 fill_in "user_password_confirmation", with: "222333"
 click_button "Save"
@@ -32,12 +41,17 @@ class Profile < Spinach::FeatureSteps
 step 'I unsuccessfully change my password' do
 within '.update-password' do
+ fill_in "user_current_password", with: "123456"
 fill_in "user_password", with: "password"
 fill_in "user_password_confirmation", with: "confirmation"
 click_button "Save"
 end
 end
+ step "I should see a missing password error message" do
+ page.should have_content "You must provide a valid current password"
+ end
+
 step "I should see a password error message" do
 page.should have_content "Password doesn't match confirmation"
 end
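Review bot: The new negative scenario asserts only the alert text and the redirect; it never checks that the password was left unchanged, so a regression that showed the message yet still updated the password would pass. A closing step such as `And I should be able to login with my old password`, backed in the step file by an assertion like `@user.reload.valid_password?("123456").should be_true`, would pin the behaviour the controller change exists for. A present-but-wrong current password is also not exercised here; the controller's `valid_password?` check rejects both, but only the missing-password path is covered.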
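Review bot: The step added in hunk @@ -22,8 +22,17 @@ repeats the `within '.update-password'` / `fill_in` / `click_button "Save"` sequence that 'I change my password' and, in hunk @@ -32,12 +41,17 @@, 'I unsuccessfully change my password' also contain, differing only in which fields are filled. A small private helper, e.g. `def submit_password_form(current: nil, password:, confirmation:)` that fills `user_current_password` only when `current` is given, would let each step be a one-line call and make the intentionally omitted current password explicit. The step name `'I try change my password w/o old one'` is also the only one in the file using an abbreviation; `'I try to change my password without the old one'` (mirrored in the feature file) would match the surrounding step style. The enclosing `Profile` class continues outside both hunks.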
@@ -110,6 +124,10 @@ class Profile < Spinach::FeatureSteps
 current_path.should == new_user_session_path
 end
+ step 'I should be redirected to account page' do
+ current_path.should == account_profile_path
+ end
+
 step 'I click on my profile picture' do
 click_link 'profile-pic'
 end