Password hashing bug in the password recovery process

SYSTEM INFORMATION
OS type and version Debian 12
Webmin version 2.303
Virtualmin version 7.30.8

In the “Virtual server validation” email, I get the “validate_eenc2” error after I changed the user’s password via: Virtualmin > Edit Users > [select the user] > Recover Password > Send Password

This happend with two users (that I changed the password from a few months back). The odd thing is, I currently cannot repeat this on another account on the same server and when I change the password of the two effected accounts again (via the recovery path), the problem remains.

This is my setup / configuration:

Under Virtualmin > System Settings > Server Templates > Default Settings > Administration User

“Store clear text passwords” is set to “No, only store hashed passwords”
and
“Hashed password types to store” is set to “All types”

/etc/webmin/virtual-server/domains has “hashpass=1” in the file and “enc_pass” is set to a long string.

And I can confirm that I cannot preview the user’s password.

Keywords: “Administration user” “Hashed password for Unix user” USERNAME “does not match virtual server as it was changed outside of Virtualmin”

Related posts: I can't see mail paswords in Edit User page after virtualmin / authentic theme update

PS: I do not get the “Hash password” checkbox from Add support for enabling/disabling password hashing for existing servers by iliajie · Pull Request #511 · virtualmin/virtualmin-gpl · GitHub in either Virtualmin location (“Edit Virtual Server” or “Recover Password”).

*** Solution:

Updating the password via the “Edit Virtual Server” page showed:

Modifying administration user ..
.. done

Updating Webmin user ..
.. done

Updating Webmin user ..
.. done

Saving server details ..
.. done

and DID solve the hash problem. I’ve confirmed the solution by running:

virtualmin validate-domains --domain example.com --all-features

on both domains; the one I edited the password for via this path did not have the problem anymore.