Self Service Password Reset
SSPR 3.x up to and including 126.96.36.199
The issue has been assigned CVE-2016-1599.
Apply SSPR 3.3.1 HF2 or later.
Micro Focus Bug 967461.