The user password reset form does not specify a proper cache context, which can lead to cache poisoning and unwanted content on the page.
The user password reset form does not specify a proper cache context, which can lead to cache poisoning and unwanted content on the page.
https://www.drupal.org/SA-CORE-2016-005