diff --git a/li.strolch.rest/src/main/java/li/strolch/rest/filters/AuthenticationRequestFilter.java b/li.strolch.rest/src/main/java/li/strolch/rest/filters/AuthenticationRequestFilter.java
index ec7ceaa29..190750503 100644
--- a/li.strolch.rest/src/main/java/li/strolch/rest/filters/AuthenticationRequestFilter.java
+++ b/li.strolch.rest/src/main/java/li/strolch/rest/filters/AuthenticationRequestFilter.java
@@ -237,7 +237,7 @@ public class AuthenticationRequestFilter implements ContainerRequestFilter {
 		if (certificate.getUsage() == Usage.SET_PASSWORD) {
 			if (!requestContext.getUriInfo().getMatchedURIs()
 					.contains("strolch/privilege/users/" + certificate.getUsername() + "/password")) {
-				requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED)
+				requestContext.abortWith(Response.status(Response.Status.FORBIDDEN)
 						.header(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN).entity("Can only set password!")
 						.build());
 				return null;