diff --git a/django/contrib/auth/common-passwords.txt.gz b/django/contrib/auth/common-passwords.txt.gz
index 87cdd596f4..e758dbe9a7 100644
Binary files a/django/contrib/auth/common-passwords.txt.gz and b/django/contrib/auth/common-passwords.txt.gz differ
diff --git a/django/contrib/auth/password_validation.py b/django/contrib/auth/password_validation.py
index d270ab7173..948ded6dbc 100644
--- a/django/contrib/auth/password_validation.py
+++ b/django/contrib/auth/password_validation.py
@@ -161,9 +161,11 @@ class CommonPasswordValidator:
 """
 Validate whether the password is a common password.
- The password is rejected if it occurs in a provided list, which may be gzipped.
- The list Django ships with contains 20000 common passwords, created by
- Royce Williams: https://gist.github.com/roycewilliams/281ce539915a947a23db17137d91aeb7
+ The password is rejected if it occurs in a provided list of passwords,
+ which may be gzipped. The list Django ships with contains 20000 common
+ passwords (lowercased and deduplicated), created by Royce Williams:
+ https://gist.github.com/roycewilliams/281ce539915a947a23db17137d91aeb7
+ The password list must be lowercased to match the comparison in validate().
 """
 DEFAULT_PASSWORD_LIST_PATH = Path(__file__).resolve().parent / 'common-passwords.txt.gz'
diff --git a/docs/releases/2.1.4.txt b/docs/releases/2.1.4.txt
index 274b5ede07..6f05a04357 100644
--- a/docs/releases/2.1.4.txt
+++ b/docs/releases/2.1.4.txt
@@ -9,4 +9,6 @@ Django 2.1.4 fixes several bugs in 2.1.3.
 Bugfixes
 ========
-* ...
+* Corrected the default password list that ``CommonPasswordValidator`` uses by
+ lowercasing all passwords to match the format expected by the validator
+ (:ticket:`29952`).
diff --git a/tests/auth_tests/test_validators.py b/tests/auth_tests/test_validators.py
index e50da39663..b29f64766b 100644
--- a/tests/auth_tests/test_validators.py
+++ b/tests/auth_tests/test_validators.py
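Review bot: The last added docstring line in the `CommonPasswordValidator` hunk of django/contrib/auth/password_validation.py states a requirement that nothing visible in this diff enforces: a custom password list with mixed-case entries would load without complaint, and if validate() lowercases the candidate before the lookup, as the docstring implies, those entries can never match, so the check fails open for them. The docstring should spell out that consequence, for example `Entries containing uppercase characters are never matched, so a list that is not lowercased silently weakens the check.` Lowercasing each entry where the list is read into `self.passwords` would remove the precondition altogether; that loading code and validate() lie outside this hunk, so their current behaviour should be confirmed before choosing between the two.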
@@ -202,6 +202,11 @@ class CommonPasswordValidatorTest(TestCase):
 self.assertEqual(cm.exception.messages, [expected_error])
 self.assertEqual(cm.exception.error_list[0].code, 'password_too_common')
+ def test_validate_django_supplied_file(self):
+ validator = CommonPasswordValidator()
+ for password in validator.passwords:
+ self.assertEqual(password, password.lower())
+
 def test_help_text(self):
 self.assertEqual(
 CommonPasswordValidator().get_help_text(),
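Review bot: `test_validate_django_supplied_file` pins the format of the shipped list but not the behaviour that format protects: no assertion here shows that a mixed-case spelling of a listed password is rejected, so a later change to the comparison in validate() could reopen the bypass while this test stays green. A behavioural check beside the loop would close that gap, e.g. `with self.assertRaises(ValidationError):` followed by `validator.validate(entry.upper())` for an alphabetic `entry` taken from `validator.passwords`, assuming `ValidationError` is already imported in this module as the context lines suggest. The enclosing test class begins above the hunk and `test_help_text` continues below it.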