diff --git a/bonus-auth/src/main/java/com/bonus/auth/service/PasswordValidatorService.java b/bonus-auth/src/main/java/com/bonus/auth/service/PasswordValidatorService.java
index 8adff10..3cdb006 100644
--- a/bonus-auth/src/main/java/com/bonus/auth/service/PasswordValidatorService.java
+++ b/bonus-auth/src/main/java/com/bonus/auth/service/PasswordValidatorService.java
@@ -8,6 +8,7 @@ import com.bonus.common.core.exception.CaptchaException;
 import com.bonus.common.core.exception.ServiceException;
 import com.bonus.common.core.text.Convert;
 import com.bonus.common.core.utils.StringUtils;
+import com.bonus.common.core.utils.encryption.Sm4Utils;
 import com.bonus.common.core.utils.ip.IpUtils;
 import com.bonus.common.core.web.domain.AjaxResult;
 import com.bonus.common.redis.service.RedisService;
@@ -47,10 +48,11 @@ public class PasswordValidatorService {
      * 对新密码进行校验，返回布尔值表示密码是否符合要求。
      *
      * @param username    用户名，不能包含在密码中
-     * @param newPassword 新密码
+     * @param decryptedNewPassword 新密码
      * @return 如果密码符合策略要求，则返回 AjaxResult.success，否则返回错误提示
      */
-    public AjaxResult validatePassword(String username, String newPassword) {
+    public AjaxResult validatePassword(String username, String decryptedNewPassword) {
+        String newPassword = Sm4Utils.decrypt(decryptedNewPassword);
         if (!isPasswordLengthValid(newPassword)) {
             return AjaxResult.error("密码长度应为" + systemConfig.getPasswordConfig().getMinLength() + "至" + systemConfig.getPasswordConfig().getMaxLength() + "位！");
         }
diff --git a/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/PasswordValidatorServiceImpl.java b/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/PasswordValidatorServiceImpl.java
index 2e6063f..248d80b 100644
--- a/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/PasswordValidatorServiceImpl.java
+++ b/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/PasswordValidatorServiceImpl.java
@@ -1,6 +1,7 @@
 package com.bonus.system.service.impl;
 
 import com.bonus.common.core.utils.DateUtils;
+import com.bonus.common.core.utils.encryption.Sm4Utils;
 import com.bonus.common.core.web.domain.AjaxResult;
 import com.bonus.common.security.utils.SecurityUtils;
 import com.bonus.config.SystemConfig;
@@ -31,7 +32,9 @@ public class PasswordValidatorServiceImpl implements PasswordValidatorService {
     private PasswordValidatorMapper passwordValidatorMapper;
 
     @Override
-    public AjaxResult validatePassword(Long userId, String username, String oldPassword, String newPassword) {
+    public AjaxResult validatePassword(Long userId, String username, String decryptedOldPassword, String decryptedNewPassword) {
+        String oldPassword = Sm4Utils.decrypt(decryptedOldPassword);
+        String newPassword = Sm4Utils.decrypt(decryptedNewPassword);
         // 1. 检查密码长度
         if (!isPasswordLengthValid(newPassword)) {
             return AjaxResult.error("密码长度应为" + systemConfig.getPasswordConfig().getMinLength() + "至" + systemConfig.getPasswordConfig().getMaxLength() + "位！");