Resetting the user password via the email password reset flow does not unlock a locked account
1. User tries to login multiple times with a bad password, gets the account locked due to failed login attempts.
2. User resets the password following the email password reset flow.
3. The user still can't login because the account is still locked.
Steps to Reproduce
Reason for Variance
User Impact Summary
So, for PLAT-2456, you are saying, it is by design that anyone can lock an account for 24 hours by guessing an email address?
This isn't the right place for this report. I am going to close this ticket as well as PLAT-2456. Could you please go to this link and open a ticket with edx support: https://support.edx.org/hc/.