Password recovery failed (invalid message-id)

SYSTEM INFORMATION
OS type and version Debian 11
Webmin version 2.000
Virtualmin version 7.1.gpl-1
Related packages webmin-virtualmin-password-recovery: 1.12

Hey,

i seem to be having trouble with password recovery for email users… users can visit and request password reset from https://url:10000/virtualmin-password-recovery/usermin.cgi and reset email is being send normally. but link/url send in reset email, always results with message :

Password recovery failed : Invalid message ID!

in " Recovering Password" page…

miniserv.err reports :

Use of uninitialized value $virtualmin_password_recovery::in{“id”} in pattern match (m//) at /usr/share/webmin/virtualmin-password-recovery/email.cgi line 22.
Use of uninitialized value in substitution (s///) at /usr/share/webmin/virtualmin-password-recovery/email.cgi line 154.
Use of uninitialized value in string eq at /usr/share/webmin/virtualmin-password-recovery/email.cgi line 25.

anyone else with same trouble?

as an alternative, as root/admin i can still send new resetted passwords from within virtualmin (edit users). but of course having a working password recovery for users is a much better option…
so, ideas/workarounds/solutions?

thanks in advance,

Hello,

Please check this patch:

thanks for the fast reply.

so, tried the above patch, but still no luck. slightly different message :

Password recovery failed : Invalid message ID : xxxxxxxxxxxxxxxxx

miniserv.error :

Use of uninitialized value $virtualmin_password_recovery::in{“id”} in pattern match (m//) at /usr/share/webmin/virtualmin-password-recovery/email.cgi line 33.

What is the output of the following command on your Debian 11 system:

cat /dev/urandom | head -c 5 | base64

cat /dev/urandom | head -c 5 | base64
DE4k+Zk=

btw, “xxxxxxxxxx” in previous message was a replaced message-id. not the actual message-id.