diff --git a/src/routes/oauth2.js b/src/routes/oauth2.js
index ff8dbf698..77d7291ce 100644
--- a/src/routes/oauth2.js
+++ b/src/routes/oauth2.js
@@ -316,6 +316,7 @@ function passwordReset(req, res, next) {
 // setPassword clears the resetToken
 user.setPassword(userObject.id, req.body.password, function (error, result) {
+ if (error && error.reason === UserError.BAD_PASSWORD) return next(new HttpError(406, 'Password does not meet the requirements'));
 if (error) return next(new HttpError(500, error));
 res.redirect(util.format('%s?accessToken=%s&expiresAt=%s', config.adminOrigin(), result.token, result.expiresAt));
diff --git a/src/routes/test/oauth2-test.js b/src/routes/test/oauth2-test.js
index 81b97936e..17f54a87d 100644
--- a/src/routes/test/oauth2-test.js
+++ b/src/routes/test/oauth2-test.js
@@ -1407,6 +1407,15 @@ describe('Password', function () {
 });
 });
+ it('fails due to weak password', function (done) {
+ superagent.post(SERVER_URL + '/api/v1/session/password/reset')
+ .send({ password: 'foobar', resetToken: USER_0.resetToken })
+ .end(function (error, result) {
+ expect(result.statusCode).to.equal(406);
+ done();
+ });
+ });
+
 it('succeeds', function (done) {
 var scope = nock(config.adminOrigin())
 .filteringPath(function (path) {
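Review bot: The added line answers a password-policy failure with 406, which in HTTP means no representation satisfies the request's Accept headers; a request body that fails validation is conventionally 400 or 422, e.g. `if (error && error.reason === UserError.BAD_PASSWORD) return next(new HttpError(400, 'Password does not meet the requirements'));`, unless the other routes in this file already use 406 for field validation, in which case keeping it is the consistent choice. The comment above the call says setPassword clears the resetToken; if that clearing happens before the password check, a rejected weak password also consumes the token and the user cannot retry from the same link, so it is worth confirming the order inside user.setPassword. The check also assumes UserError is already required in this file, which the hunk does not show. passwordReset's body starts and ends outside the hunk.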
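Review bot: The new test's callback reads `result.statusCode` without checking that result is defined; if the request fails at the transport level superagent passes only an error, the dereference throws inside the callback and the test surfaces as a mocha timeout rather than a clear failure. A guard before the assertion, `if (error && !result) return done(error);`, keeps the failure mode readable. Since the following 'succeeds' test appears to reuse USER_0.resetToken, running this case first implicitly checks that a rejected weak password does not consume the token; if that is intended, a one-line comment on the `it('fails due to weak password'` line saying so would stop a future reordering from silently losing that coverage. The enclosing describe('Password') block starts before the hunk and the 'succeeds' test continues past it.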