wp-docs

Step 1: Login to WordPress, as an administrator, using any WRONG password
What script from the WordPress folders checks if you are using the right password for the user “admin”? Let’s find out. Let’s try to login with the wrong password, for instance with the password “ak45mjg385v3543knj6y23″. The login page will display the error message “Incorrect password.”

Now, what file did generate that error message? We search all files from our WordPress folder for the exact phrase “Incorrect password.”. Only one file contains this phrase - the filename called
“YourWordpressFolder\wp-includes\pluggable.php”.

We search this file for the “Incorrect password.” string.

What do we have on line 450? The test.
if ( !wp_check_password($password, $user->user_pass, $user->ID) ) {
In plain English, it says : If the password is not good, then display error message, else log the user in.
We just change the above sentence to:
If the password is good, then display error message, else log the user in.
In other words, any WRONG password will get you logged.
We just have to remove the “not” word, which in PHP is the “!” character.
So, line 450 will become:
if ( wp_check_password($password, $user->user_pass, $user->ID) ) {

We upload the modified file and we login as admin, using any WRONG password.

Step 2: Change the password
Dashboard -> Users -> Your profile -> New password
Nobody will ask you for the old one

Step 3 : Change back the pluggable.php file and upload it.

Note : if you are very concerned with security, do step 3 before step 2. After you logged, nobody will ask you again for your password.

Please feel free to comment / ask questions.