Funny story - I had an old short-length insecure password on a website that I hadn't used for years.
I decided to log in and change it to a randomly generated secure password. However, they had upgraded their off the shelf software some time over the last 4-5 years to a newer version.
The problem was, on their password change page the "new password" field had a minimum length of 8 characters, however the "OLD password" field also had that exact same requirement.
So I put in:
* Old: 12345
* New: 717&t!1XFCWJWk!q@ut3B
* Confirm: 717&t!1XFCWJWk!q@ut3B
And got an error "your password must be 8 characters or greater".
After swearing a few times, I breakpointed and edited the javascript validation to remove the length requirement and submitted the change again - this time got a server-side error saying the same thing.
I ended up beating it by logging out, clicking "I've forgot my password" and resetting it via email.
I had a similar experience with a city bill pay website, except in this situation it was a new account and they simply didn't prevent me from setting the password to something long in the first place, so once my account was created I wasn't allowed in. And because you need to log in once to verify your email, I couldn't reset the damn thing either.
According to them, it's impossible for your mothers maiden name to have less than six characters :/