Security issue in request for lost password
The password reset token could be manipulated to contain wild cards, allowing an attacker to retrieve tokens of other users.
Upgrade to the latest available OTRS patch level (https://ftp.otrs.org/pub/otrs/).
As a workaround, you can replace the affected files (see below for download).
ATTENTION: Please check if any of these files have been changed in your OTRS installation by additional add-ons. In that case you MUST NOT simply overwrite the files with the ones provided below. Please contact us instead.