Maybe this is related to the OP's issue - this just came up...
Version 56.0/33
User tells us he tried his old username and a few different passwords, didn't work. "Then I tried to do a password reset but it tells me that the feature is disabled". So I go to his site /cpanel and click the Reset link jusy moments after he said it was disabled - this button click at least works for me and progresses to asking for the email address. But what it gives in the hint is NOT client's email, nor our email, nor any that I recognize (see pic).
I log into my WHM and check "list accounts" screen to see that his usual email address which I expected is indeed listed there (PHEW) (and only that one address is there). I simply click the Change button there beside his Contact Email. I go back to his /cpanel login page and hit Reset again and now it shows the hint which would correctly represent his email address. He receives the reset message, but he tries the pin and it won't work (I gather from the docs this is by design security-wise because not same computer since I dispatched it). Fair enough I ask him to try the Reset again - it works, he gets into his account.
WHERE DID THIS ROGUE EMAIL ADDRESS come from ?
Is it a "dummy" as part of a security block when there's been too many attempts?
I immediately checked all cpanel user config files - all have correct CONTACTEMAIL values, and none of them resembles that strange address.
(malheureusement, I didn't check his before clicking Change in WHM)
I tried reset on another account, it shows the correct email hint for that account. I will try a few more and also try to reproduce by purposefully using a bad login.
Version 56.0/33
User tells us he tried his old username and a few different passwords, didn't work. "Then I tried to do a password reset but it tells me that the feature is disabled". So I go to his site /cpanel and click the Reset link jusy moments after he said it was disabled - this button click at least works for me and progresses to asking for the email address. But what it gives in the hint is NOT client's email, nor our email, nor any that I recognize (see pic).
I log into my WHM and check "list accounts" screen to see that his usual email address which I expected is indeed listed there (PHEW) (and only that one address is there). I simply click the Change button there beside his Contact Email. I go back to his /cpanel login page and hit Reset again and now it shows the hint which would correctly represent his email address. He receives the reset message, but he tries the pin and it won't work (I gather from the docs this is by design security-wise because not same computer since I dispatched it). Fair enough I ask him to try the Reset again - it works, he gets into his account.
WHERE DID THIS ROGUE EMAIL ADDRESS come from ?
Is it a "dummy" as part of a security block when there's been too many attempts?
I immediately checked all cpanel user config files - all have correct CONTACTEMAIL values, and none of them resembles that strange address.
(malheureusement, I didn't check his before clicking Change in WHM)
I tried reset on another account, it shows the correct email hint for that account. I will try a few more and also try to reproduce by purposefully using a bad login.
Attachments
-
15.8 KB Views: 45