Password recovery failed (invalid message-id)

dimitrist · September 22, 2022, 7:04am

SYSTEM INFORMATION
OS type and version	Debian 11
Webmin version	2.000
Virtualmin version	7.1.gpl-1
Related packages	webmin-virtualmin-password-recovery: 1.12

Hey,

i seem to be having trouble with password recovery for email users… users can visit and request password reset from https://url:10000/virtualmin-password-recovery/usermin.cgi and reset email is being send normally. but link/url send in reset email, always results with message :

Password recovery failed : Invalid message ID!

in " Recovering Password" page…

miniserv.err reports :

Use of uninitialized value $virtualmin_password_recovery::in{“id”} in pattern match (m//) at /usr/share/webmin/virtualmin-password-recovery/email.cgi line 22.
Use of uninitialized value in substitution (s///) at /usr/share/webmin/virtualmin-password-recovery/email.cgi line 154.
Use of uninitialized value in string eq at /usr/share/webmin/virtualmin-password-recovery/email.cgi line 25.

anyone else with same trouble?

as an alternative, as root/admin i can still send new resetted passwords from within virtualmin (edit users). but of course having a working password recovery for users is a much better option…
so, ideas/workarounds/solutions?

thanks in advance,

Ilia · September 22, 2022, 5:56pm

Hello,

Please check this patch:

dimitrist · September 22, 2022, 9:05pm

thanks for the fast reply.

so, tried the above patch, but still no luck. slightly different message :

Password recovery failed : Invalid message ID : xxxxxxxxxxxxxxxxx

miniserv.error :

Use of uninitialized value $virtualmin_password_recovery::in{“id”} in pattern match (m//) at /usr/share/webmin/virtualmin-password-recovery/email.cgi line 33.

Ilia · September 22, 2022, 11:09pm

What is the output of the following command on your Debian 11 system:

cat /dev/urandom | head -c 5 | base64

dimitrist · September 23, 2022, 5:23am

cat /dev/urandom | head -c 5 | base64
DE4k+Zk=

btw, “xxxxxxxxxx” in previous message was a replaced message-id. not the actual message-id.

dimitrist · September 26, 2022, 1:57pm

so tried this patch(Fix to make sure that the variable is initialized first · virtualmin/virtualmin-password-recovery@288e819 · GitHub) too (in fully updated webmin/virtualmin ), but no luck yet.
restarted webmin but same message :
Password recovery failed : Invalid message ID : 3D1b12a89c48ffc7a822d3f2fb1ceda352

recovery url in email :
httpx://maindomain:10000/virtualmin-password-recovery/email.cgi?id=3D1b12a89c48ffc7a822d3f2fb1ceda352

no messages in miniserv.error this time.

please also note, that while reset is being requested on
httpx://virtualmin_subdomain:10000/virtualmin-password-recovery/usermin.cgi
recovery url in email points to default server/primary domain… (?)
maybe this has something to do with the error ?

dimitrist · November 8, 2022, 11:42am

just to keep this topic running.
seems this isn’t the only issue, there’s another one posted in forums.

dimitrist · November 30, 2022, 9:57am

sorry to bring this up, but with many users asking for password changes and complaining for this feature not working, this has become a major time consuming task … (=having as admin to reset passwords on request…)
so just to get a picture and maybe look it up myself :
is password recovery working for everybody else as expected; nobody else faces same issue?

system · January 29, 2023, 9:58am

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.