Normally, the password reset email is supposed to expire after 20 minutes. But the vendor has informed us there is a bug in the time stamp section of the code causing the reset emails to not expire for 4 hours.
This means that if for some reason a user doesn't receive the first password reset email (blocked by a spam filter, etc.) then they will not be able to successfully request another reset email for 4 hours. All requests for a password reset email up until the 4 hours have passed will be ignored by the application.
Appriss is aware this is a serious issue and they have it documented and ready to address in the next ICOTS release.
Just to be clear, this is only a problem if the user does not receive their first password reset email. Which is almost always caused when the email is either blocked or filtered by some sort of junk mail filter at the department level or in the user's inbox.
In all reported instances, as long as all emails from "firstname.lastname@example.org" have been white-listed by the user's email server, the password reset email is delivered successfully the next time a password reset is requested after the 4 hour time limit.
This issue does not affect users who have no issues receiving their password reset email.