diff --git a/classes/userhelper.php b/classes/userhelper.php
index caa32a36e..7008bf62c 100644
--- a/classes/userhelper.php
+++ b/classes/userhelper.php
@@ -362,18 +362,14 @@ class UserHelper {
 		return null;
 	}
 
-	static function is_default_password(): bool {
-
-		/** @var Auth_Internal|false $authenticator -- this is only here to make check_password() visible to static analyzer */
-		$authenticator = PluginHost::getInstance()->get_plugin($_SESSION["auth_module"]);
-
-		if ($authenticator &&
-                method_exists($authenticator, "check_password") &&
-                $authenticator->check_password($_SESSION["uid"], "password")) {
-
-			return true;
-		}
-		return false;
+	/**
+	 * @param null|int $owner_uid if null, checks current user via session-specific auth module, if set works on internal database only
+	 * @return bool
+	 * @throws PDOException
+	 * @throws Exception
+	 */
+	static function is_default_password(?int $owner_uid = null): bool {
+		return self::user_has_password($owner_uid, 'password');
 	}
 
 	/**
@@ -492,4 +488,30 @@ class UserHelper {
 
 		return false;
 	}
+
+	/**
+	 * @param null|int $owner_uid if null, checks current user via session-specific auth module, if set works on internal database only
+	 * @param string $password password to compare hash against
+	 * @return bool
+	 */
+	static function user_has_password(?int $owner_uid = null, string $password) : bool {
+		if ($owner_uid) {
+			$authenticator = new Auth_Internal();
+
+			return $authenticator->check_password($owner_uid, $password);
+		} else {
+			/** @var Auth_Internal|false $authenticator -- this is only here to make check_password() visible to static analyzer */
+			$authenticator = PluginHost::getInstance()->get_plugin($_SESSION["auth_module"]);
+
+			if ($authenticator &&
+						method_exists($authenticator, "check_password") &&
+						$authenticator->check_password($_SESSION["uid"], $password)) {
+
+				return true;
+			}
+		}
+
+		return false;
+	}
+
 }
diff --git a/update.php b/update.php
index d63706b86..5e31c805b 100755
--- a/update.php
+++ b/update.php
@@ -101,6 +101,7 @@
 		"user-list" => "list all users",
 		"user-add:" => ["USER[:PASSWORD[:ACCESS_LEVEL=0]]", "add USER, prompts for password if unset"],
 		"user-remove:" => ["USERNAME", "remove USER"],
+		"user-check-password:" => ["USER:PASSWORD", "returns 0 if user has specified PASSWORD"],
 		"user-set-password:" => ["USER:PASSWORD", "sets PASSWORD of specified USER"],
 		"user-set-access-level:" => ["USER:LEVEL", "sets access LEVEL of specified USER"],
 		"user-exists:" => ["USER", "returns 0 if specified USER exists in the database"],
@@ -535,6 +536,21 @@
 			exit(1);
 	}
 
+	if (isset($options["user-check-password"])) {
+		list ($login, $password) = explode(":", $options["user-check-password"], 2);
+
+		$uid = UserHelper::find_user_by_login($login);
+
+		if (!$uid) {
+			Debug::log("Error: User not found: $login");
+			exit(1);
+		}
+
+		$rc = UserHelper::user_has_password($uid, $password);
+
+		exit($rc ? 0 : 1);
+	}
+
 	PluginHost::getInstance()->run_commands($options);
 
 	if (file_exists(Config::get(Config::LOCK_DIRECTORY) . "/$lock_filename"))