Public CVE-2018-1000553 disclosure

Trovebox version <= 4.0.0-rc6 contains a Unsafe password reset token generation vulnerability in user component that can result in Password reset. This attack appear to be exploitable via HTTP request....