diff --git a/forgotPassword.php b/forgotPassword.php
index cd2dd95184669556bd98b14ee46d6e48dd1ae1ed..df0c9f87daf86fd2df3b5a81f79e136910547c31 100644
--- a/forgotPassword.php
+++ b/forgotPassword.php
@@ -34,7 +34,7 @@ if (isset($_REQUEST['username']) && isset($_REQUEST['emailId'])) {
 				'username' => $username,
 				'email' => $email,
 				'time' => $time,
-				'hash' => md5($username.$time)
+				'hash' => hash('sha256',$username.$time)
 			)
 		);
 		$trackURL = Vtiger_ShortURL_Helper::generateURL($options);
diff --git a/modules/Users/handlers/ForgotPassword.php b/modules/Users/handlers/ForgotPassword.php
index ccbb03082f348733dda89dd598bddb4e4b042674..34d4ff4a761d9bc538c442ecfa69cd2ffda22499 100644
--- a/modules/Users/handlers/ForgotPassword.php
+++ b/modules/Users/handlers/ForgotPassword.php
@@ -31,7 +31,7 @@ class Users_ForgotPassword_Handler {
 		$currentTime = time();
 		if($expiryTime > $currentTime) {
 			$secretToken = uniqid();
-			$secretHash = md5($userName.$secretToken);
+			$secretHash = hash('sha256',$userName.$secretToken);
 			$options = array(
 				'handler_path' => 'modules/Users/handlers/ForgotPassword.php',
 				'handler_class' => 'Users_ForgotPassword_Handler',