diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php
index e4a48f2a84..4dcf128452 100644
--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@@ -662,6 +662,7 @@ class acp_users
 'user_passchg' => time(),
 );
+ $user->reset_login_keys($user_id);
 add_log('admin', 'LOG_USER_NEW_PASSWORD', $user_row['username']);
 add_log('user', $user_id, 'LOG_USER_NEW_PASSWORD', $user_row['username']);
 }
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index b885d81b31..f12332b4db 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -763,6 +763,29 @@ class session
 return false;
 }
+
+ /**
+ * Reset all login keys for the specified user
+ *
+ * This method removes all current login keys for a specified (or the current)
+ * user. It will be called on password change to render old keys unusable
+ */
+ function reset_login_keys($user_id = false)
+ {
+ global $config, $db;
+ $user_id = ($user_id === false) ? $this->data['user_id'] : $user_id;
+ $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' WHERE user_id = ' . (int) $user_id;
+ $db->sql_query($sql);
+ // We're changing the password of the current user and they have a key
+ // Lets regenerate it to be safe
+ if ($user_id === $this->data['user_id'] && $this->cookie_data['k'])
+ {
+ $this->set_login_key($user_id);
+ }
+ }
 }
diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php
index 55104a55c8..1232ae37f8 100644
--- a/phpBB/includes/ucp/ucp_profile.php
+++ b/phpBB/includes/ucp/ucp_profile.php
@@ -97,6 +97,7 @@ class ucp_profile
 if ($auth->acl_get('u_chgpasswd') && $new_password && md5($new_password) != $user->data['user_password'])
 {
+ $user->reset_login_keys();
 add_log('admin', 'LOG_USER_NEW_PASSWORD', $username);
 add_log('user', $user->data['user_id'], 'LOG_USER_NEW_PASSWORD', $username);
 }
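Review bot: The `$user_id` passed to `reset_login_keys()` here is compared inside that method with `===` against `$this->data['user_id']`; if the ACP value is an int from the request while the session row holds a string (not verifiable from this hunk), an administrator changing their own password through the ACP gets their remember-me key deleted without the regeneration branch running. Normalising at the call site, `$user->reset_login_keys((int) $user_id);`, together with an int cast of the session value in the callee, makes the self-change case reliable. The `if` block this call sits in starts outside the hunk, so where `$user_id` originates cannot be confirmed here.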
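Review bot: `reset_login_keys()` only deletes rows from SESSIONS_KEYS_TABLE, so a password change leaves every live session of that user untouched; an attacker who already holds a session stays logged in until it expires, which is precisely the situation a password reset is usually meant to end. Consider also removing the user's other sessions (every row for that user except `$this->session_id`, assuming the sessions table is keyed by user id — not visible here), or state explicitly in the docblock that active sessions are intentionally preserved. The strict `$user_id === $this->data['user_id']` check can silently fail when a caller passes an int and the session row holds a string; casting once, `$user_id = ($user_id === false) ? (int) $this->data['user_id'] : (int) $user_id;`, and comparing against `(int) $this->data['user_id']` avoids that. `$this->cookie_data['k']` should be read via `!empty($this->cookie_data['k'])` since the key may be absent, and `global $config` is declared but never used.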