The code for Password confirm assumes that the site uses an MD5 hash. This means that if the site uses a more secure hash, the current password will never match what is in the password database. So for such sites, this module must be disabled or have a custom patch applied to use this module.