Shoutout to @iesmail at D-Tree for reporting this issue and helping us to investigate it’s cause.
CHT-Core v3.5 introduced that regression 14 months ago. If you’ve been running v3.5 or above for close to a year, this bug could cause some significant opertional concerns particularly if users don’t know their passwords. If you’re having trouble urgently prioritising this upgrade, please reach out since workarounds are available and may be the best immediate mitigation.