WordPress has been updated to 2.8.4, securing it from the vulnerability discovered yesterday that permits the admin password to be reset by passing an empty array as the key parameter to a reset request:
http://www.startcodon.com/wordpress/wp-login.php?action=rp&key[]=.
This will fail now 