A UNIX target application changes passwords by issuing the "passwd" command, or whatever command is configured as the "Change Password Command" in the Script Processor section of the target application. This command typically issues a line or two of text before prompting for the current or new password, depending on whether it's a root account or not, and on whether the account changes its own password, or a master account is used to change the password of another account.
E.g. when a master account changes the password of another account, the response by the passwd command may look like this:
# passwd standarduser
Changing password for user standarduser.
The UNIX target application will issue the passwd command and then wait for a response matching the "Password Entry Prompt" regular expression defined in the Script Processor section of the target application. The problem is that the default expression, (?si)(.*?password(\sfor|:).*?), matches both the first and the second line of the response. If the response is not returned in a single string but line by line, the target application may send the password prematurely after receiving the first line, and then send it a second time in response to the first prompt for the new password. In that case it will fail to resend the new password when the passwd command asks for confirmation of the new password, and the update will fail.