Hi, When using password reset function an email is sent to the user in order to change the password. There is no limitation in number of password change requests a user can do and a malicious user could generate a number of requests and hence as many email to the victim's email inbox. This is a potential security risk. Is there a way to stop this ? -Vinay