Change user password without the old one on macOS Catalina

You'll have to reboot the Mac in recovery mode, open a terminal, then issue the command "resetpassword". You will have to reset the password for every account on the system or it won't let you proceed.

The really horrible thing about this new Apple "security measure" is that it allows malware authors to create accounts on your computer that you can't delete unless you know the procedure I outlined above.

Followup:

The reason for this is that the account that you want to reset the password for has a Secure Token set. If the account was created at the GUI level or at the command line using "sysadminctl", and was created as an admin account, then it most definitely has a Secure Token set.

Followup #2:

Not all Macs will have the SecureToken enabled on all accounts; this is usually the case where the Mac originally came with some version of Mac OS prior to Catalina. No, root doesn't even have this token enabled. However, the SecureToken capability has been around since High Sierra and was set any time that Migration Assistant was used or if FileVault was ever enabled. If a Mac was upgraded to Catalina, the user who ran the upgrade will get the SecureToken set on their account even if somebody else has it too. Those users will be the only ones who can grant the token to other users or revoke it, and this has to be done at the command line with sysadminctl; you will also need to know the password to any account that you intend to modify. As of Catalina, if you forget the password to any account with the SecureToken enabled, no other users can reset that account password unless you know the current password. In that case, you will have to reboot the Mac into recovery mode and reset the passwords for all user accounts. Thanks Apple! (NOT)
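
To see which accounts on a Mac actually hold a Secure Token, as discussed in the answer above, here is an added example that is not part of either answer on this page. It assumes that `sysadminctl -secureTokenStatus` reports a line containing "Secure token is ENABLED" or "Secure token is DISABLED" on stderr; the function names and the sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit which local accounts hold a Secure Token.
# Assumption: sysadminctl -secureTokenStatus writes a line containing
# "Secure token is ENABLED|DISABLED for user <name>" to stderr.

# Map one line of sysadminctl output to ENABLED, DISABLED or UNKNOWN.
token_state() {
    case "$1" in
        *"Secure token is ENABLED"*)  echo ENABLED ;;
        *"Secure token is DISABLED"*) echo DISABLED ;;
        *)                            echo UNKNOWN ;;
    esac
}

# List every local account that is not a "_"-prefixed service account.
# Filtering on the name rather than the UID keeps root and any account
# hidden from the login window in the report.
local_users() {
    dscl . -list /Users | grep -v '^_'
}

# Print "user<TAB>state" for each account returned by local_users.
audit_secure_tokens() {
    for user in $(local_users); do
        line=$(sysadminctl -secureTokenStatus "$user" 2>&1)
        printf '%s\t%s\n' "$user" "$(token_state "$line")"
    done
}

if command -v sysadminctl >/dev/null 2>&1 && command -v dscl >/dev/null 2>&1; then
    # On a Mac: report the real accounts.
    audit_secure_tokens
else
    # Elsewhere: run the parser on a constructed sample line.
    token_state "2019-11-02 10:15:00.123 sysadminctl[612:4410] Secure token is ENABLED for user alice"
fi
```

Any account in the report that you do not recognise and that shows ENABLED is one whose password cannot be reset by another admin without the recovery-mode procedure.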


I tried using

sudo passwd username

and was also asked for the old password for username. I was able to change username’s password by rebooting the computer, getting into the Users & Groups preference pane, unlocking it with the admin user ID and password, and clicking on the Change Password… button. No old password required.

The restart was the only way I knew to log out username. If username had not been logged in at the time, I would have been able to do this without a reboot.