Thank you for you answer, but this doesn't seem to work. I get back url: http://localhost:8080/CMSModules/Membership/CMSPages/ResetPassword.aspx
It doesn't have any token to identify what user requested password reset.
And additional question: why is this page (.../CMSModules/Membership/CMSPages/ResetPassword.aspx) opened to public? It's styled like Kentico backend interface, yet it was accessible to me, even when I wasn't signed in as administrator.