diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index ec9ecba03..486b313a8 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -145,7 +145,8 @@ class UsersController < ApplicationController
 end
 def update
- if params[:user][:password].present? && (@user.auth_source_id.nil? || params[:user][:auth_source_id].blank?)
+ update_password = params[:user][:password].present? && (@user.auth_source_id.nil? || params[:user][:auth_source_id].blank?)
+ if update_password
 @user.password, @user.password_confirmation = params[:user][:password], params[:user][:password_confirmation]
 end
 @user.safe_attributes = params[:user]
@@ -159,8 +160,12 @@ class UsersController < ApplicationController
 if was_activated
 Mailer.deliver_account_activated(@user)
- elsif @user.active? && params[:send_information] && @user != User.current
- Mailer.deliver_account_information(@user, @user.password)
+ elsif @user.active? && @user != User.current
+ if params[:send_information]
+ Mailer.deliver_account_information(@user, @user.password)
+ elsif update_password
+ Mailer.deliver_password_updated(@user, User.current)
+ end
 end
 respond_to do |format|
diff --git a/test/functional/users_controller_test.rb b/test/functional/users_controller_test.rb
index 846a85cd5..e7cf83f85 100644
--- a/test/functional/users_controller_test.rb
+++ b/test/functional/users_controller_test.rb
@@ -22,7 +22,7 @@ require File.expand_path('../../test_helper', __FILE__)
 class UsersControllerTest < Redmine::ControllerTest
 include Redmine::I18n
- fixtures :users, :email_addresses, :projects, :members, :member_roles, :roles,
+ fixtures :users, :user_preferences, :email_addresses, :projects, :members, :member_roles, :roles,
 :custom_fields, :custom_values, :groups_users, :auth_sources, :enabled_modules,
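Review bot: In the `@@ -159,8 +160,12 @@` hunk of users_controller.rb the new `Mailer.deliver_password_updated` call sits under `elsif @user.active? && @user != User.current`, so a password change saved through this action on the acting administrator's own account produces no security notification, and neither does one made in the same request that activates the account, because the `was_activated` branch is taken first. If the notification is meant to cover every password change saved here, keep the `@user != User.current` test on the account-information branch only: `elsif @user.active? && params[:send_information] && @user != User.current` followed by `elsif @user.active? && update_password`. `update_password` is derived from the request parameters before the save, and the enclosing branch starts outside the hunk, so this assumes the code runs only after `@user.save` succeeded. If the current precedence is intentional, a one-line comment above the inner `if` saying that the account-information mail already tells the user about the new password would record that.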
@@ -516,6 +516,24 @@ class UsersControllerTest < Redmine::ControllerTest
 assert_mail_body_match 'newpass123', mail
 end
+ def test_update_with_password_change_by_admin_should_send_a_security_notification
+ with_settings :bcc_recipients => '0' do
+ ActionMailer::Base.deliveries.clear
+ user = User.find_by_login('jsmith')
+
+ put :update, :params => {
+ :id => user.id,
+ :user => {:password => 'newpass123', :password_confirmation => 'newpass123'}
+ }
+
+ assert_equal 1, ActionMailer::Base.deliveries.size
+ mail = ActionMailer::Base.deliveries.last
+ assert_equal [user.mail], mail.to
+ assert_match 'Security notification', mail.subject
+ assert_mail_body_match 'Your password has been changed.', mail
+ end
+ end
+
 def test_update_with_generate_password_should_email_the_password
 ActionMailer::Base.deliveries.clear
 Setting.bcc_recipients = '1'
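Review bot: The new test pins the recipient, subject and body text of the security notification, but it never asserts that the new password is absent from that mail. Adding `assert_mail_body_no_match 'newpass123', mail` after the body match would guard against the notification being built from the account-information template, which the preceding test shows does carry the password. The cases where the controller change sends no notification (`send_information` set, the administrator editing their own account, a user that is not active) have no coverage in this hunk. One negative test asserting that `ActionMailer::Base.deliveries` stays empty for whichever of those is intentional would document the expected behaviour.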