Email Password Reset Broken?

Serra

Well-Known Member
Oct 27, 2005
266
18
168
Florida
I'm having an issue using the password reset link for emails.

1. The email in the hint appears to be random. Some of them I don't even know.
2. The email contact info has two lines. No matter what emails I put in, the system never sends an email. Sometimes it does prompt with the correct suggestion, but even then it doesn't send a reset link.

This appears to be totally broken and all of the accounts. Does this actually work for anyone?
 
Last edited by a moderator:

Serra

Well-Known Member
Oct 27, 2005
266
18
168
Florida
[2021-04-01 15:48:27 -0400] info [resetpass] Attempt to reset password for a non-existent Subaccount via cPanel password reset detected from IP 24.129.5.....

So this is my own email account I'm testing with. When I got this error I got the correct hint for my own password reset. I put in the email for the rest which matched the hint, but got the error again. No reset showed up.
 

Serra

Well-Known Member
Oct 27, 2005
266
18
168
Florida
Correct. Got to webmail login and it the RESET PASSWORD link. It asks for a username (which is the email) and then prompts you for your reset email address.

That reset address is kinda random. Sometimes it is right, but sometimes it is totally wrong. If the hint is right and I put in the right email, I get to the next page, but no email is ever generated. (I can't see it leave the server)
 

Serra

Well-Known Member
Oct 27, 2005
266
18
168
Florida
Reset Password for cPanel accounts [?]
  • On
    default
Reset Password for Subaccounts [?]
  • On
    default

Both are set to ON.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
7,418
1,000
313
cPanel Access Level
Root Administrator
If the hint is completely random, that is just something we generate to include data there, and means there is no hint set up for that user.

You can have multiple email addresses specified for the contact. If you check /home/username/.cpanel/contactinfo, you'll see a line for "email" and a second one for "second_email"

if you manually check that file, is the correct email address listed there?

It may also be good to watch /var/log/exim_mainlog to ensure the message is being sent properly from your server when using that reset link.
 

Serra

Well-Known Member
Oct 27, 2005
266
18
168
Florida
It is listed in /contactinfo
as:
"---
email: [email protected]"

I just tested it again and the email never showed up in /var/log/exim_mainlog. The hint was correct and I put in my email which matched the one in the hint and in contactinfo.

I also tested the wrong email and got the error message: "The email address you provided does not match our records." So I have to assume my first attempt was a valid email.

However, I will add that the email field appears to be case-sensitive. When I use [email protected] (example) I get a good response, if I use [email protected] it gives me a bogus hint.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
7,418
1,000
313
cPanel Access Level
Root Administrator
If the message isn't even being generated it sounds like there's an issue with the cPanel system. Could you open a ticket with our team so we can do some testing directly on the server? Just post the ticket number here so I can follow along and make sure this thread stays updated.