It's even worse than that the BMC is a preconfigured part of the server not something you go to a sign up page for. It's literally the _change password functionality_ that does not warn/error on the password being too long!
I had seen the same thing on a (much older) switch, which is the only reason I thought to try truncating my password. Worked after dropping only one character, I was sort of expecting it to be 16 or maybe even 8.