YSITD_TG_Bot says to #ysitd <s3131212>: I found in your version 1.6 that the change password did not produce a related token, resulting in a CSRF vulnerability