diff --git a/forgotPassword.php b/forgotPassword.php
index 27b73b4749aca63ba91c15cab365a15a548bb2fe..7d1ae5f79249a7db4c3371108b582b2d8756adac 100644
--- a/forgotPassword.php
+++ b/forgotPassword.php
@@ -34,7 +34,7 @@ if (isset($_REQUEST['username']) && isset($_REQUEST['emailId'])) {
 				'username' => $username,
 				'email' => $email,
 				'time' => $time,
-				'hash' => md5($username.$time)
+				'hash' => hash('sha256',$username.$time)
 			)
 		);
 		$trackURL = Vtiger_ShortURL_Helper::generateURL($options);
diff --git a/modules/Users/handlers/ForgotPassword.php b/modules/Users/handlers/ForgotPassword.php
index 8b8e0d586773ed63a76c8d55bf1d404c1e9a1d64..b05d650a3810b5f0b1f5c98215edbd55ec497547 100644
--- a/modules/Users/handlers/ForgotPassword.php
+++ b/modules/Users/handlers/ForgotPassword.php
@@ -31,7 +31,7 @@ class Users_ForgotPassword_Handler {
 		$currentTime = time();
 		if($expiryTime > $currentTime) {
 			$secretToken = uniqid();
-			$secretHash = md5($userName.$secretToken);
+			$secretHash = hash('sha256',$userName.$secretToken);
 			$options = array(
 				'handler_path' => 'modules/Users/handlers/ForgotPassword.php',
 				'handler_class' => 'Users_ForgotPassword_Handler',