• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion
  • Inviting everyone to the UX test of a new security feature in the WP Toolkit
    For WordPress site owners, threats posed by hackers are ever-present. Because of this, we are developing a new security feature for the WP Toolkit. If the topic of WordPress website security is relevant to you, we would be grateful if you could share your experience and help us test the usability of this feature. We invite you to join us for a 1-hour online session via Google Meet. Select a convenient meeting time with our friendly UX staff here.

Forwarded to devs No password reset for additional admin accounts

K

Kaspar

API expert
Plesk Guru
Username:

TITLE

No password reset for additional admin accounts

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

CentOS 7.9, Plesk 18.0.41

PROBLEM DESCRIPTION

When using the "Forgot your password?" feature on the login-screen for a "Additional administrator account" no reset email is send. So an additional administrator who forgot his/her password is unable to reset it.

Looking at Tools & Settings > Task Manager shows
SUCCESS2022-02-02 15:09:11reset-password

Looking at Tools & Settings > Action Log shows
2022-02-02 15:09:11123.123.123.123Password reset requestLogin Name: '' → testuser
Reset using: '' → Username
...

There is no reference in the mail log of a password reset mail.

STEPS TO REPRODUCE

1. Create a "Additional administrator account"
2. Logout of Plesk
3. Go to login-screen, click "Forgot your password?" link
4. Fill in email address or user name from the additional administrator account created a step 1

ACTUAL RESULT

No email received to reset password.

EXPECTED RESULT

Get an email to reset password.

ANY ADDITIONAL INFORMATION

Thanks to user @JohnBos for noticing this bug.

YOUR EXPECTATIONS FROM PLESK SERVICE TEAM

Confirm bug
 
Since Plesk Onyx, the option to reset the password via email was disabled for the Plesk administrator accounts for security reasons: https://support.plesk.com/hc/en-us/articles/360017069199

The bug PPPM-12977 is already created to improve such behaviour: The email should be sent with information that password for Plesk administrators cannot be reset for security reasons and instructions on how to reset it correctly.
No ETA is available for its implementation now.
 
You must log in or register to reply here.

Similar threads

P
Forwarded to devs Event 'CP User Login' triggered despite invalid additional authentication step (MFA)
Replies
2
Views
153
Kaspar@Plesk
Kaspar@Plesk
P
Cannot login to Plesk Support
Replies
15
Views
4K
Peter Debik
P
Frank.P
Statistics never reset, always grow up and when change month still growing
Replies
1
Views
524
Peter Debik
P
K
Resolved Placeholders for reseller resource overuse notices don't work
Replies
3
Views
456
Hangover2
Hangover2
K
Forwarded to devs Custom domain name configured for autodiscovery not used for iOS QR code
Replies
2
Views
445
Peter Debik
P
Back
Top