Bug in the hook causes users to get a generic message about an extension aborting their password reset, instead of telling them that they were prevented from the change because they were resetting their password to one that matched the hashes that were potentially compromised.
Version: wmf-deployment
Severity: normal