Password validation is not working properly. You can change admin password in admin interface to contain chars so that you can't login afterwards or change (wrong old password error) admin password again.
One case I tested:
Change admin password from 'dolphin' to 'dol"phin' (works fine)
Now it wont let you login.
On my site I have the case that I can't change admin password in admin interface (wrong old password). I can change it in edit profile.