wordpress unauthenticated administrator password reset – 2.8.3

There is a security flaw in WordPress 2.8.3 which allows the admin password to be reset via a browser GET request. This will temporarily lock out admins from their site. It is a flaw in the password reset function of wp-login.php. It can only reset the admin account and cannot be used to break into the system. In other words, an inconvenience, not a threat.

To temporarily fix this until it is patched by the WP developers, change line 190 in wp-login.php from:

if ( empty( $key ) )

to:

if ( empty( $key ) || is_array( $key ) )
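To see why the extra `is_array()` test matters, here is a small stand-alone PHP script. It is an added illustration, not code from WordPress or from this post: the two functions mirror the original and patched conditions on line 190, and the inputs are constructed query strings fed through `parse_str()`, which builds the array the same way PHP builds `$_GET` from a request.

```php
<?php
// Added example (not WordPress code): compares the original and the
// patched line-190 condition from wp-login.php 2.8.3 on several inputs.

// Original condition. PHP's empty() is false for any non-empty array,
// so a reset key submitted as an array slips through this check.
function key_rejected_original($key) {
    return empty($key);
}

// Patched condition from the post: an array is rejected explicitly.
function key_rejected_patched($key) {
    return empty($key) || is_array($key);
}

// Constructed inputs. parse_str() uses the same rules PHP applies when
// populating $_GET, so "key[]=" produces array('') rather than a string.
$cases = array();
parse_str('key=abc123', $q); $cases['normal key']       = $q['key'];
parse_str('key=',       $q); $cases['empty key']        = $q['key'];
parse_str('key[]=',     $q); $cases['array via key[]='] = $q['key'];

printf("%-18s %-10s %-10s\n", 'input', 'original', 'patched');
foreach ($cases as $label => $key) {
    printf("%-18s %-10s %-10s\n",
        $label,
        key_rejected_original($key) ? 'rejected' : 'ACCEPTED',
        key_rejected_patched($key)  ? 'rejected' : 'ACCEPTED');
}
```

Run with `php example.php`. A normal key is accepted by both versions and an empty key is rejected by both, but the array case is accepted by the original condition and rejected only by the patched one, which is the whole point of the one-line fix. A stricter variant, `!is_string($key) || $key === ''`, states the intent (a reset key must be a non-empty string) even more directly; that wording is my suggestion, not part of the patch above.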

A good write-up of the situation can be found at H-Online.com. If you find yourself already locked out of your system, there is a script available from codex.wordpress.org: Using the Emergency Password Reset Script.

Let’s stay safe out there…