diff --git a/server/src/com/cloud/server/ManagementServerImpl.java b/server/src/com/cloud/server/ManagementServerImpl.java
index 8496142524c..0ad6886b3ec 100755
--- a/server/src/com/cloud/server/ManagementServerImpl.java
+++ b/server/src/com/cloud/server/ManagementServerImpl.java
@@ -4900,11 +4900,15 @@ public class ManagementServerImpl implements ManagementServer {
 
     @Override
     public String getVMPassword(GetVMPasswordCmd cmd) {   	
-        Account account = UserContext.current().getCaller();
+        Account caller = UserContext.current().getCaller();
+        
         UserVmVO vm = _userVmDao.findById(cmd.getId());
-        if (vm == null || vm.getAccountId() != account.getAccountId()) {
+        if (vm == null) {
             throw new InvalidParameterValueException("No VM with id '" + cmd.getId() + "' found.");
         }
+        
+        //make permission check
+        _accountMgr.checkAccess(caller, vm);
             	
         _userVmDao.loadDetails(vm);
         String password = vm.getDetail("Encrypted.Password");