Registration flow with an existing email and an insecure password returns only insecure password error

[maylukas]

Preflight checklist

• [X] I could not find a solution in the existing issues, docs, nor discussions.
• [X] I agree to follow this project's Code of Conduct.
• [X] I have read and am following this repository's Contribution Guidelines.
• [ ] This issue affects my Ory Network project.
• [ ] I have joined the Ory Community Slack.
• [ ] I am signed up to the Ory Security Patch Newsletter.

Describe the bug

When submitting a verification flow with an existing email and an insecure password, the flow only returns the error that the password is insecure:

   "id":4000005,
   "text":"The password can not be used because the password has been found in data breaches and must no longer be used.",
   "type":"error",
   "context":{
      "reason":"the password has been found in data breaches and must no longer be used"
   }
}

If the verification flow is submitted with an existing email and a secure but invalid password (does not match the credentials stored) the expected error is returned:

{
   "id":4000007,
   "text":"An account with the same identifier (email, phone, username, ...) exists already.",
   "type":"error",
   "context":{

   }
}

Reproducing the bug

• Run Kratos v0.11.1 with the check against the "Have I been pwned?" database enabled
• Register an identity
• Create a new registration flow
• Submit the registration flow with the email of the identity created before and a password of "Test1234"

Relevant log output

No response

Relevant configuration

No response

Version

0.11.1

On which operating system are you observing this issue?

None

In which environment are you deploying?

None

Additional Context

No response

[dextercodo]

Did you manage to find a solution for this? And if so, you mind shedding some light? Thanks