In Openmrs we have a validate password method in OpenmrsUtil.java
If password is empty or if it matches to username when the security.passwordCannotMatchUsername property is set to true we are raising a WeakPasswordException.
In weak password exception we are not getting the translated message
so the response is returning as is.
For the remaining validations we are translating the key and returning