diff --git a/themes/bootstrap3/templates/myresearch/newpassword.phtml b/themes/bootstrap3/templates/myresearch/newpassword.phtml
index d504382bf7dc7f9d575d1e693a0c65555a09642b..8391573200f32efa7bbaee5009be4b316f491007 100644
--- a/themes/bootstrap3/templates/myresearch/newpassword.phtml
+++ b/themes/bootstrap3/templates/myresearch/newpassword.phtml
@@ -20,6 +20,7 @@
   <div class="error"><?=$this->transEsc('recovery_user_not_found') ?></div>
 <? else: ?>
   <form id="newpassword" class="form-horizontal" action="<?=$this->url('myresearch-newpassword') ?>" method="post" data-toggle="validator" role="form">
+    <input type="hidden" value="<?=$this->escapeHtmlAttr($this->auth()->getManager()->getCsrfHash(true))?>" name="csrf"/>
     <input type="hidden" value="<?=$this->escapeHtmlAttr($this->hash) ?>" name="hash"/>
     <input type="hidden" value="<?=$this->escapeHtmlAttr($this->username) ?>" name="username"/>
     <input type="hidden" value="<?=$this->escapeHtmlAttr($this->auth_method) ?>" name="auth_method"/>
diff --git a/themes/jquerymobile/templates/myresearch/newpassword.phtml b/themes/jquerymobile/templates/myresearch/newpassword.phtml
index 0f0694a8fea0560b406829ed53a0b4a09cf1e14e..ee3335dcddd2a912a045c455f3e7863d671bed0a 100644
--- a/themes/jquerymobile/templates/myresearch/newpassword.phtml
+++ b/themes/jquerymobile/templates/myresearch/newpassword.phtml
@@ -20,6 +20,7 @@
     <? else: ?>
       <form data-ajax="false" action="<?=$this->url('myresearch-newpassword') ?>" method="post">
         <?=$this->auth()->getNewPasswordForm() ?>
+        <input type="hidden" value="<?=$this->escapeHtmlAttr($this->auth()->getManager()->getCsrfHash(true))?>" name="csrf"/>
         <input type="hidden" value="<?=$this->escapeHtmlAttr($this->hash) ?>" name="hash"/>
         <input type="hidden" value="<?=$this->escapeHtmlAttr($this->username) ?>" name="username"/>
         <input type="hidden" value="<?=$this->escapeHtmlAttr($this->auth_method) ?>" name="auth_method"/>