diff --git a/common/djangoapps/student/tests/tests.py b/common/djangoapps/student/tests/tests.py
index 1e7ee4baa8..f788c7fd3d 100644
--- a/common/djangoapps/student/tests/tests.py
+++ b/common/djangoapps/student/tests/tests.py
@@ -59,23 +59,28 @@ class ResetPasswordTests(TestCase):
         self.user_bad_passwd.password = UNUSABLE_PASSWORD
         self.user_bad_passwd.save()
+    @patch('student.views.render_to_string', Mock(side_effect=mock_render_to_string, autospec=True))
     def test_user_bad_password_reset(self):
         """Tests password reset behavior for user with password marked UNUSABLE_PASSWORD"""
         bad_pwd_req = self.request_factory.post('/password_reset/', {'email': self.user_bad_passwd.email})
         bad_pwd_resp = password_reset(bad_pwd_req)
+        # If they've got an unusable password, we return a successful response code
         self.assertEquals(bad_pwd_resp.status_code, 200)
-        self.assertEquals(bad_pwd_resp.content, json.dumps({'success': False,
-                                                            'error': 'Invalid e-mail or user'}))
+        self.assertEquals(bad_pwd_resp.content, json.dumps({'success': True,
+                                                            'value': "('registration/password_reset_done.html', [])"}))
+    @patch('student.views.render_to_string', Mock(side_effect=mock_render_to_string, autospec=True))
     def test_nonexist_email_password_reset(self):
         """Now test the exception cases with of reset_password called with invalid email."""
         bad_email_req = self.request_factory.post('/password_reset/', {'email': self.user.email+"makeItFail"})
         bad_email_resp = password_reset(bad_email_req)
+        # Note: even if the email is bad, we return a successful response code
+        # This prevents someone potentially trying to "brute-force" find out which emails are and aren't registered with edX
         self.assertEquals(bad_email_resp.status_code, 200)
-        self.assertEquals(bad_email_resp.content, json.dumps({'success': False,
-                                                              'error': 'Invalid e-mail or user'}))
+        self.assertEquals(bad_email_resp.content, json.dumps({'success': True,
+                                                              'value': "('registration/password_reset_done.html', [])"}))
     @unittest.skipUnless(not settings.MITX_FEATURES.get('DISABLE_PASSWORD_RESET_EMAIL_TEST', False),
                          dedent("""Skipping Test because CMS has not provided necessary templates for password reset.
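Review bot: Neither of the rewritten assertions checks that no reset e-mail was actually sent for the unusable-password and unknown-address cases; now that both responses are byte-identical to the real success response, the tests can no longer tell "silently rejected" from "reset mail sent to an account that should not receive one". Add `self.assertEqual(len(mail.outbox), 0)` after each response assertion (with `from django.core import mail` if the module does not already import it). Separately, `autospec=True` passed to `Mock(...)` is merely stored as an attribute on the mock and has no effect; if autospeccing is intended it belongs on the decorator, e.g. `@patch('student.views.render_to_string', side_effect=mock_render_to_string, autospec=True)`, which forwards the keyword arguments to the mock it creates. The expected `'value'` string depends on `mock_render_to_string`, which is defined outside this hunk, and class ResetPasswordTests continues past it.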
diff --git a/common/djangoapps/student/views.py b/common/djangoapps/student/views.py
index f92ffe9d3e..1702d7145e 100644
--- a/common/djangoapps/student/views.py
+++ b/common/djangoapps/student/views.py
@@ -1229,11 +1229,8 @@ def password_reset(request):
                   from_email=settings.DEFAULT_FROM_EMAIL,
                   request=request,
                   domain_override=request.get_host())
-        return HttpResponse(json.dumps({'success': True,
+    return HttpResponse(json.dumps({'success': True,
                                         'value': render_to_string('registration/password_reset_done.html', {})}))
-    else:
-        return HttpResponse(json.dumps({'success': False,
-                                        'error': _('Invalid e-mail or user')}))
 def password_reset_confirm_wrapper(
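Review bot: The uniform success response no longer reveals whether the address is registered, but the two paths still do different amounts of work — `form.save(...)` renders and sends an e-mail only when the form validates — so the response time can still differ between a registered and an unregistered address; rate limiting on this endpoint, or keeping the per-request work uniform, is the usual mitigation and is worth a follow-up. Nothing in the hunk records why the error branch was dropped, so a comment above the new `return` such as `# Always answer with the 'done' page: the response must not reveal whether the address belongs to an account (account enumeration).` would stop the next maintainer from reinstating it. Because every validation failure now reports success, a genuinely malformed request (missing or unparsable email field) is also answered with `success: True`; if that is intended it deserves a sentence in the view's docstring. The `if form.is_valid()` guard that `form.save(...)` appears to sit under is inferred; password_reset begins before this hunk.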