Weak password policy
Low
Vulnerability Details
Hi team,
I got to know that you are using a strong password policy.
I went through the application and checked for that,
and found that, as per ISO9001 security compliance, the password policy is weak.
#Steps:
1) Sign up at https://hosted.weblate.org/ with the password vikas@123
2) Use "forgot password" and change it to some other password
3) Change it again to vikas@123
It will allow it.
As per strong password security, the last 5 used passwords should not be allowed by the application.
#Scenario:
If by mistake an attacker gets to know the victim's password, then only the victim will change the password.
If the victim changes it again and changes it to the same password, that is not always a good policy.
Thanks.
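The control the report asks for is a password history check: the application keeps hashes of an account's last 5 passwords and rejects a new password that matches any of them. The following is an added example of that check, not code from the reporter or from Weblate; it assumes per-entry random salts with PBKDF2-SHA256, a depth of 5, and the `PasswordHistory` and `replay_report_scenario` names are hypothetical.

```python
import hashlib
import hmac
import os
from collections import deque

HISTORY_DEPTH = 5          # the report asks that the last 5 passwords be rejected
PBKDF2_ITERATIONS = 50_000  # assumed work factor for this illustration


def _hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-SHA256 digest; only digests, never plaintext, are retained."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


class PasswordHistory:
    """Keeps the salted hashes of the last `depth` passwords for one account."""

    def __init__(self, depth: int = HISTORY_DEPTH):
        # deque with maxlen drops the oldest entry once the history is full
        self._entries: deque = deque(maxlen=depth)

    def is_reused(self, candidate: str) -> bool:
        # Each entry carries its own salt, so the candidate is re-hashed per entry.
        for salt, digest in self._entries:
            if hmac.compare_digest(_hash_password(candidate, salt), digest):
                return True
        return False

    def set_password(self, new_password: str) -> bool:
        """Returns False and changes nothing when new_password is among the last N."""
        if self.is_reused(new_password):
            return False
        salt = os.urandom(16)
        self._entries.append((salt, _hash_password(new_password, salt)))
        return True


def replay_report_scenario() -> list:
    """Runs the three steps from the report; the third step must be rejected."""
    history = PasswordHistory()
    return [
        history.set_password("vikas@123"),   # step 1: sign-up (constructed input)
        history.set_password("other-pass"),  # step 2: reset to a different password
        history.set_password("vikas@123"),   # step 3: change back -> rejected
    ]


if __name__ == "__main__":
    print(replay_report_scenario())  # [True, True, False]
```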
Report Stats
- Report ID: 224572
- State: Closed
- Substate: resolved
- Upvotes: 10