With strict password validation being enabled by default (and also have a password validation plugin enabled), changing a password will break replication.

SET PASSWORD FOR 'w'@'localhost' = PASSWORD('PLAINtext-password!!99');

Last_SQL_Error: Error 'The MariaDB server is running with the --strict-password-validation option so it cannot execute this statement' on query. Default database: ''. Query: 'SET PASSWORD FOR 'w'@'localhost'='*4045DC6C4FBF96E66F67118A73C6A85EB2BF28A9''

The password is written to the binary log as a hash, which strict password validation prevents.

A possible workaround seems to be to disable strict password validation and then re-enable it after the password change events:

STOP SLAVE;

SET GLOBAL strict_password_validation = OFF;

START SLAVE;

-- wait

SET GLOBAL strict_password_validation = ON;

It seems like there should be a "exemption" of some sort in the password validation plugins to allow these events from a master so slaves don't break.