Testing for weak password change or reset functionalities (OWASP-AT-011)