diff --git a/pkg/query-service/app/http_handler.go b/pkg/query-service/app/http_handler.go
index 16b741e572..964850cbf8 100644
--- a/pkg/query-service/app/http_handler.go
+++ b/pkg/query-service/app/http_handler.go
@@ -2363,10 +2363,9 @@ func (aH *APIHandler) changePassword(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if err := auth.ChangePassword(context.Background(), req); err != nil {
-		if aH.HandleError(w, err, http.StatusInternalServerError) {
-			return
-		}
+	if apiErr := auth.ChangePassword(context.Background(), req); apiErr != nil {
+		RespondError(w, apiErr, nil)
+		return
 
 	}
 	aH.WriteJSON(w, r, map[string]string{"data": "password changed successfully"})
diff --git a/pkg/query-service/auth/auth.go b/pkg/query-service/auth/auth.go
index 6b96a6da85..e307f401ab 100644
--- a/pkg/query-service/auth/auth.go
+++ b/pkg/query-service/auth/auth.go
@@ -234,24 +234,23 @@ func ResetPassword(ctx context.Context, req *model.ResetPasswordRequest) error {
 	return nil
 }
 
-func ChangePassword(ctx context.Context, req *model.ChangePasswordRequest) error {
-
+func ChangePassword(ctx context.Context, req *model.ChangePasswordRequest) *model.ApiError {
 	user, apiErr := dao.DB().GetUser(ctx, req.UserId)
 	if apiErr != nil {
-		return errors.Wrap(apiErr.Err, "failed to query user from the DB")
+		return apiErr
 	}
 
 	if user == nil || !passwordMatch(user.Password, req.OldPassword) {
-		return ErrorInvalidCreds
+		return model.ForbiddenError(ErrorInvalidCreds)
 	}
 
 	hash, err := PasswordHash(req.NewPassword)
 	if err != nil {
-		return errors.Wrap(err, "Failed to generate password hash")
+		return model.InternalError(errors.New("Failed to generate password hash"))
 	}
 
 	if apiErr := dao.DB().UpdateUserPassword(ctx, hash, user.Id); apiErr != nil {
-		return apiErr.Err
+		return apiErr
 	}
 
 	return nil
diff --git a/pkg/query-service/model/response.go b/pkg/query-service/model/response.go
index a8e09b9d6e..1f3970e0d4 100644
--- a/pkg/query-service/model/response.go
+++ b/pkg/query-service/model/response.go
@@ -112,6 +112,13 @@ func UnavailableError(err error) *ApiError {
 	}
 }
 
+func ForbiddenError(err error) *ApiError {
+	return &ApiError{
+		Typ: ErrorForbidden,
+		Err: err,
+	}
+}
+
 func WrapApiError(err *ApiError, msg string) *ApiError {
 	return &ApiError{
 		Typ: err.Type(),