diff --git a/devttl-admin/src/main/java/com/devttl/web/controller/system/SysProfileController.java b/devttl-admin/src/main/java/com/devttl/web/controller/system/SysProfileController.java
index d7dbb1653..ab8fd94bc 100644
--- a/devttl-admin/src/main/java/com/devttl/web/controller/system/SysProfileController.java
+++ b/devttl-admin/src/main/java/com/devttl/web/controller/system/SysProfileController.java
@@ -96,7 +96,8 @@ public class SysProfileController extends BaseController
         String newPassword = params.get("newPassword");
         LoginUser loginUser = getLoginUser();
         Long userId = loginUser.getUserId();
-        String password = loginUser.getPassword();
+        SysUser user = userService.selectUserById(userId);
+        String password = user.getPassword();
         if (!SecurityUtils.matchesPassword(oldPassword, password))
         {
             return error("修改密码失败，旧密码错误");
diff --git a/devttl-common/src/main/java/com/devttl/common/core/domain/entity/SysUser.java b/devttl-common/src/main/java/com/devttl/common/core/domain/entity/SysUser.java
index 383da32ea..91f357eeb 100644
--- a/devttl-common/src/main/java/com/devttl/common/core/domain/entity/SysUser.java
+++ b/devttl-common/src/main/java/com/devttl/common/core/domain/entity/SysUser.java
@@ -2,6 +2,8 @@ package com.devttl.common.core.domain.entity;
 
 import java.util.Date;
 import java.util.List;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
 import jakarta.validation.constraints.*;
 import org.apache.commons.lang3.builder.ToStringBuilder;
 import org.apache.commons.lang3.builder.ToStringStyle;
@@ -200,6 +202,7 @@ public class SysUser extends BaseEntity
         this.avatar = avatar;
     }
 
+    @JsonIgnore
     public String getPassword()
     {
         return password;