Problem/Motivation
7.x port of #992540: Nothing clears the "5 failed login attempts" security message when a user resets their own password (8.3.x & 8.4.x)
If a user forgets their password and tries to log in 5 times then they get blocked by flood control. They can now use the password reset functionality per email, but once they log out shortly after that they are still blocked when trying to log in again.
Proposed resolution
Clear the user specific flood events once they used the password recet functionality so that they are able to normally log in again. Do not clear IP address specific flood events because then an attacker with a valid account could clear flood events for victim user accounts.
Remaining tasks
Update and review the patch.
