if state: modify and the username don't exist, module creates a new user. Which can be a security issue.

[doharvey]

I'm not a developer, but based on the discussion at https://github.com/IBM/ansible-power-aix/pull/294, if we try to change the password of an existing user with a misspelled username, Ansible will create a new user with the misspelled name.

This is a security concern because it could allow hackers to request a password change on an intentionally misspelled username, potentially gaining unauthorized access by creating a new user in the system.

This could be an issue when implementing a self-service portal for password changes.

[nitismis]

We are removing state: modify in user module. If that helps.