Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5
and 2.5.1 Release Candidate allows attackers to reset the passwords of other
users, related to "an erroneous security declaration."
According to info in upstream advisory, 2.5* (FC-5 and devel) are affected,
2.1.* (FC-3 and FC-4) not.
Fixed and updated, thanks