diff --git a/settings/ajax/lostpassword.php b/settings/ajax/lostpassword.php
index 2a40ba09a8ac3506af2050b0b5e191897b2db28b..af1a35fda4ae4b40da77575a83dd0170c44f2a93 100644
--- a/settings/ajax/lostpassword.php
+++ b/settings/ajax/lostpassword.php
@@ -4,6 +4,7 @@
 require_once '../../lib/base.php';
 OC_JSON::checkLoggedIn();
 OCP\JSON::callCheck();
+OC_JSON::verifyUser();
 
 $l=OC_L10N::get('core');