I have viewd the log, he was logged in as a normal user, he could also NOT use the API.
Detailed staps are simple:
Reseller made a client -> client logged in -> client created a new FTP user -> client changed the password of the FTP user -> client logged in to the FTP and reported a bug to reseller -> reseller closed the FTP and reported the bug to me.
I'm still not able to reproduce it. But the bug exists.