Password recovery failed (invalid message-id)

OS type and version Debian 11
Webmin version 2.000
Virtualmin version 7.1.gpl-1
Related packages webmin-virtualmin-password-recovery: 1.12


i seem to be having trouble with password recovery for email users… users can visit and request password reset from https://url:10000/virtualmin-password-recovery/usermin.cgi and reset email is being send normally. but link/url send in reset email, always results with message :

Password recovery failed : Invalid message ID!

in " Recovering Password" page…

miniserv.err reports :

Use of uninitialized value $virtualmin_password_recovery::in{“id”} in pattern match (m//) at /usr/share/webmin/virtualmin-password-recovery/email.cgi line 22.
Use of uninitialized value in substitution (s///) at /usr/share/webmin/virtualmin-password-recovery/email.cgi line 154.
Use of uninitialized value in string eq at /usr/share/webmin/virtualmin-password-recovery/email.cgi line 25.

anyone else with same trouble?

as an alternative, as root/admin i can still send new resetted passwords from within virtualmin (edit users). but of course having a working password recovery for users is a much better option…
so, ideas/workarounds/solutions?

thanks in advance,


Please check this patch:

thanks for the fast reply.

so, tried the above patch, but still no luck. slightly different message :

Password recovery failed : Invalid message ID : xxxxxxxxxxxxxxxxx

miniserv.error :

Use of uninitialized value $virtualmin_password_recovery::in{“id”} in pattern match (m//) at /usr/share/webmin/virtualmin-password-recovery/email.cgi line 33.

What is the output of the following command on your Debian 11 system:

cat /dev/urandom | head -c 5 | base64

cat /dev/urandom | head -c 5 | base64

btw, “xxxxxxxxxx” in previous message was a replaced message-id. not the actual message-id.

so tried this patch(Fix to make sure that the variable is initialized first · virtualmin/virtualmin-password-recovery@288e819 · GitHub) too (in fully updated webmin/virtualmin ), but no luck yet.
restarted webmin but same message :
Password recovery failed : Invalid message ID : 3D1b12a89c48ffc7a822d3f2fb1ceda352

recovery url in email :

no messages in miniserv.error this time.

please also note, that while reset is being requested on
recovery url in email points to default server/primary domain… (?)
maybe this has something to do with the error ?

just to keep this topic running.
seems this isn’t the only issue, there’s another one posted in forums.

sorry to bring this up, but with many users asking for password changes and complaining for this feature not working, this has become a major time consuming task … (=having as admin to reset passwords on request…)
so just to get a picture and maybe look it up myself :
is password recovery working for everybody else as expected; nobody else faces same issue?

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.