diff --git a/app/controllers/devise/passwords_controller.rb b/app/controllers/devise/passwords_controller.rb
index 3af1f864b7..942987214a 100644
--- a/app/controllers/devise/passwords_controller.rb
+++ b/app/controllers/devise/passwords_controller.rb
@@ -80,4 +80,8 @@ def unlockable?(resource)
     def translation_scope
       'devise.passwords'
     end
+
+    def resource_params
+      devise_parameter_sanitizer.sanitize(:reset_password)
+    end
 end
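Review bot: The new `resource_params` override has no comment saying why it exists, and it changes what every action in this controller receives, not just the one the commit is presumably targeting; the `create` and `update` actions that read it are outside this hunk. A one-line note would spare the next reader a trip to `lib/devise/parameter_sanitizer.rb`: `# Sanitize with the :reset_password key set so the attributes passed on to the model (e.g. via reset_password_by_token) are limited to the permitted ones.`. Since `devise_parameter_sanitizer.sanitize` presumably rejects an action it has no key set for, this method also depends on the `reset_password` default added in the same commit, which is worth stating in the comment so the two changes are not separated later. The enclosing class starts outside the hunk.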
diff --git a/lib/devise/parameter_sanitizer.rb b/lib/devise/parameter_sanitizer.rb
index 6d9523a4f5..a00a4513b9 100644
--- a/lib/devise/parameter_sanitizer.rb
+++ b/lib/devise/parameter_sanitizer.rb
@@ -38,7 +38,8 @@ class ParameterSanitizer
     DEFAULT_PERMITTED_ATTRIBUTES = {
       sign_in: [:password, :remember_me],
       sign_up: [:password, :password_confirmation],
-      account_update: [:password, :password_confirmation, :current_password]
+      account_update: [:password, :password_confirmation, :current_password],
+      reset_password: [:reset_password_token, :password, :password_confirmation]
     }
 
     def initialize(resource_class, resource_name, params)
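Review bot: The new `reset_password` entry, like its siblings, does not say that the authentication keys (`email` in the accompanying test) are permitted in addition to the listed attributes; the test in test/parameter_sanitizer_test.rb expects `email` to survive sanitization, so that merge presumably happens in `initialize`, which continues outside this hunk. A comment above the constant such as `# Per-action permitted attributes; the resource's authentication_keys are permitted for every action in addition to these.` would make the contract readable from this file alone. It would also help to note which controller consumes the new key (`Devise::PasswordsController#resource_params`, added in the same commit), so a reader changing this list knows whose input it shapes.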
diff --git a/test/parameter_sanitizer_test.rb b/test/parameter_sanitizer_test.rb
index c00cd58eb9..9fbebf69c1 100644
--- a/test/parameter_sanitizer_test.rb
+++ b/test/parameter_sanitizer_test.rb
@@ -58,6 +58,13 @@ def sanitizer(params)
     assert_equal({ 'email' => 'jose' }, sanitized)
   end
 
+  test 'permits the default parameters for password reset' do
+    sanitizer = sanitizer('user' => { 'email' => 'jose', 'password' => 'myPassword1234', 'role' => 'invalid' })
+    sanitized = sanitizer.sanitize(:reset_password)
+
+    assert_equal({ 'email' => 'jose', 'password' => 'myPassword1234' }, sanitized)
+  end
+
   test 'permits news parameters for an existing action' do
     sanitizer = sanitizer('user' => { 'username' => 'jose' })
     sanitizer.permit(:sign_in, keys: [:username])
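Review bot: The fixture in the new `permits the default parameters for password reset` test never includes `reset_password_token` or `password_confirmation`, which are the two attributes the `reset_password` default adds beyond `password`, so the test would still pass if the default only permitted `password`. Adding them to the input and the expectation pins the full key set: `sanitizer = sanitizer('user' => { 'email' => 'jose', 'reset_password_token' => 'abcdef', 'password' => 'myPassword1234', 'password_confirmation' => 'myPassword1234', 'role' => 'invalid' })` and `assert_equal({ 'email' => 'jose', 'reset_password_token' => 'abcdef', 'password' => 'myPassword1234', 'password_confirmation' => 'myPassword1234' }, sanitized)` (the token value is a constructed sample). Keeping `'role' => 'invalid'` in the fixture is what actually proves the filtering, so it should stay.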