After upgrading instance to post Jakarta Patch 10 and post Kingston patch 8, Password Reset fails at very first step - cannot identify the user.
If custom Identification type & Identification processor are used on the instance, the issue is likely caused by the code changes that were introduced in PRB1184923.
To verify, navigate to:
Password Reset > Processes > open a process > open Identification type > open Identification processor >
In previous instance release, the return line in processForm function is:
return this.identify(request.getParameter('sysparm_user_id'), request.getParameter('sysparm_process_id'));
In latest release, the line has been changed to:
return this.identify(params.userInput, request.getParameter('sysparm_process_id'));
Update the custom Identification processor script, replace:
Please also check below Script Include records to see if there is any customization (that's based on old version):