[CVE-2023-32302] Require password field to be non-empty

src/Security/Member.php

@@ -731,7 +731,7 @@ class Member extends DataObject
             $password->setRequireExistingPassword(true);
         }
 
-        $password->setCanBeEmpty(true);
+        $password->setCanBeEmpty(false);
         $this->extend('updateMemberPasswordField', $password);
 
         return $password;