The password reset form does not include domain information, or set the domain when resetting the password. This causes problems with the LDAP authentication plugin when passwords are reset.
After the user's password is reset they are logged in, but their session does not have wsDomain set, leading to strange behavior.
Version: unspecified
Severity: enhancement