Unable to reproduce the message about too many redirects. However, the option 'Require Password Reset' for a front end user does not change the login behaviour at the front end. In other words, the user is not forced to reset the password to be able to continue the session, as it used to be. At the back end the option 'Require Password Reset' remains turned on and the user listing shows 'Password Reset Required' under the name of user in the Name column.

Thanks for confirming Toivo,
Maybe the message is generated due to my setup. The site is set up for registered users only, and has a hidden log in menu item set to public, The log out menu item is set to registered clicking on the log out menu item is when the message occurs on my site.

That's your problem. When you logout where are you directing people to?

Log out is redirected to the log in form. which does not create any redirect issue normally.

I can reproduce this error.

Steps to reproduce the issue

The user option "reset password required" is enabled. (image 1)
There is no menu item profile defined in the menu "for members" (the absence of this menu item causes the error: too many redirects if the user logs out before entering the new password. If this menu item is enabled then the error does not appear).
Login option refers to "Members menu" with menu item: "Members only". (image 2)
Logout option refers to the home page. (image 3)

Expected result

As soon as the user logs in, the "Set password required" page is displayed, which means that information should not be visible to members whose new password has not been re-entered and validated.

Actual result

The user first sees the complete entire "Members Only" page including the defined modules on that page. (data breach?)
The user must first click on a link on that page. Only then will the screen appear: "Password reset required".
The user is listed as "logged in" in the admin console. (???)
If the menu item "Reset password" is not enabled and the user logs out before resetting the password, the error "ERR_TOO_MANY_REDIRECTS" occurs.
I do not find it acceptable that member information is shown before the password reset procedure is completed.

The website has just been upgraded from version 3.10.11 to 4.3.2. In 3.10.11 this worked flawlessly.

System information

HP gebouwd op Linux linux2029.webawere.nl 4.18.0-305.17.1.lve.el8.x86_64 #1 SMP Wed Sep 8 06:07:49 EDT 2021 x86_64
Databasetype mysql
Database versie 10.6.13-MariaDB
Database collatie latin1_swedish_ci
Collatie van de databaseverbinding utf8mb3_general_ci
Database verbinding versleuteling Geen
Databaseserver ondersteunt verbindingsversleuteling Nee
PHP versie 8.1.18
Webserver LiteSpeed
Webserver naar PHP interface litespeed
Joomla! versie Joomla! 4.3.2 Stable [ Bora ] 30-May-2023 16:00 GMT
Gebruikersagent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36

Please see also: #39895

Simular: #38788

This problem has been reported several times since Joomla 4.2 yet it does not get a bug tag or anyone trying to work to remedy it.
What does it take to elevate this to a problem that a developer will look into it?

I can confirm this. Suggest it's a priority.

Redirect loop occurs when privacy consent expired and MFA enabled on my Super User Account. Logging in to frontend should go to User Profile page to accept privacy consent but redirect loop occurs. User is actually logged in but can't do anything due to redirect loop/expired privacy consent.

Work around: Disable MFA in admin, login to frontend, accept privacy consent, logout of frontend, reset MFA on the account in Admin.

Joomla 5.0.2 (b/c plugin enabled)
PHP 8.2.9
Maria-db 10.6.15-live

Hope this helps

John V