Virtualmin Password Recovery module issue

OS type and version Ubuntu 22.04
Webmin version 2.001
Virtualmin version 7.2-1
Related packages webmin-virtualmin-password-recovery 1.12
Related packages Running on Azure VM with 5.15.0-1020-azure kernel

I’m encountering a repeated problem with several recent Virtualmin installs. I want to use the Password Recovery module, but after installation it doesn’t work. I have successfully installed & used in the past, in fact I still have it running fine on another VM, which I have been comparing with to try to troubleshoot. That I’ve had the same problem with several recent instances leads me to believe this is a bug.
I’ve had a quick look for other posts, while there are several on the Password Recovery module, only this one - the most recent - seems t describe the same issue: Usermin password recovery - again
“But: how do we really do the password recovery, if the button always redirects to new page with a webmin login?”

This is my experience, clicking the orange button on : DOMAIN/:10000/session_login.cgi opens a new, identical seeming, tab, but with address DOMAIN:10000/virtualmin-password-recovery/
On my older VM with working password recovery the addresses are the same, but the new DOMAIN:10000/virtualmin-password-recovery/ tab contains the expected password recovery page.

I have done some investigation, but am not the most skilled. I noticed that the link address from the button wasn’t correctly formatted, missing the double quotes for href (so href=/virtualmin-password-recovery/) but I think that’s not the cause of the issue - as I tried editing session_login.cgi (I know that’s not a permanent fix & the value comes from session_postfix= somewhere, but I can’t find the location of that, even in my VM that is working that entry doesn’t appear in e.g. /etc/webmin/authentic-theme/custom-lang), also if the address DOMAIN:10000/virtualmin-password-recovery/ is being reached it’s nothing to do with that link lacking quote marks.

I’m working away on the basis that if DOMAIN:10000/virtualmin-password-recovery/ is in the address bar on the tab then /usr/share/webmin/virtualmin-password-recovery/index.cgi is being called, but there is something wrong after that, probably in files that file then references/calls. I’m trying to troubleshoot by inserting breaks in index.cgi, but haven’t worked with Perl before & also caching (I think) is making changes hard to effect.

Any help appreciated - I’m hoping someone from Virtualmin team can comment as, as above, I believe this to be a general fault & not a glitch in a single install (appreciate it may be particular to e.g. Azure VM or maybe I keep continually making the same false step in install, however, again as above, I’ve done it right in past)


We will have to take a deer look in to this problem. If you go to Webmin / Webmin ⇾ Webmin Configuration: Webmin Themes and change the theme to Gray Framed Theme, then logout – does the password recovery works correctly then?

Hi Ilia, thanks for the reply.
In grey framed theme the behaviour is pretty much the same.
The only slight difference is that instead of another log in screen appearing in a new tab under the address :10000/virtualmin-password-recovery/ the “new” log in screen replaces the “old” in the same tab (with address switching from :10000 to :10000/virtualmin-password-recovery/)

I am still chipping away at this one.
What I think I know so far:
Both my “working & problem servers” (problem = password recovery page not showing) have the same link associated with the orange button:
<a target="_blank" href="/virtualmin-password-recovery/" class="btn btn-warning"><i class="fa fa-unlock"></i>&nbsp;&nbsp;Forgot your Webmin password?</a>

Resulting in a browser window with address DOMAIN:10000/virtualmin-password-recovery/

The issue is about how that address is then resolved/treated. On the working server the link is followed to the index.cgi file in /usr/share/webmin/virtualmin-password-recovery/
On the problem server this is MOSTLY not the case & I simply get another window/tab with the Webmin log in page repeated.
However in the Chrome session I have open now somehow this has changed & “the problem” server is acting the same as the good server - password recovery page is reached.
So it’s fixed? No, as I now have the weird behaviour that if I enter DOMAIN:10000/virtualmin-password-recovery/ in this Chrome session all seems well, but if I copy that address to Firefox or Edge on same machine (or Chrome on another machine) I still have the issue.
It seems there is some tiny glitch in resolving DOMAIN:10000/virtualmin-password-recovery/ so that it now works in this one Chrome session, some link made or gap bridged & now things are behaving as they are supposed to.
But in a fresh browsing session I still have the issue.

Sorry. I remember about this issue, I just haven’t had a chance yet to look at it. I will update this ticket when it’s done.

Hi Ilia - any progress on this one?
Let me know if I can do anymore investigation.
I’m coming to the end of some other work & will try to get back to looking at this myself, though, as above, I’m at the limit of my knowledge/skill in taking further.