Customer is using security.xml export/import APIs as following. And after the exported security.xml is imported into the target, it is noticed that the original passwords for admin and access-admin users become invalid.
Other observation: LDAP credentials are working fine. And the password for another local user(with admin priv) in the target did not become invalid in the same import.
This issue exists with and without 'overwrite=true' flag in the above import api(POST)
This issue behavior did not exist in 6.5.x