
Forwarded to devs: password forgot link not always copied correctly

Linulex

Silver Pleskian
TITLE:
password forgot link not always copied correctly
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE:
Plesk Onyx Version 17.8.11 Update #28, and possibly all other Plesk versions
All OSes, all systems, etc. This is a Plesk issue and is independent of the OS.
PROBLEM DESCRIPTION:
When using the password forgot link, a mail is sent to the customer, so far so good. When the code has a % in it, it is not always copied correctly, and the average customer has never heard of ASCII code.

for example

/ch_pass_by_secret.php?secret=iifh88QNzj1Y1uAlssmQZsNdGhbdVu1s3naRHG3x44Q%3D

changed to

/ch_pass_by_secret.php?secret=iifh88QNzj1Y1uAlssmQZsNdGhbdVu1s3naRHG3x44Q=

because %3D is the ASCII code for =

And for the average customer, "IT" doesn't work, and he gets frustrated.

regards
Jan
STEPS TO REPRODUCE:
Send a forgot email; keep sending it until a code sequence is that of a raw ASCII sign

for example

/ch_pass_by_secret.php?secret=iifh88QNzj1Y1uAlssmQZsNdGhbdVu1s3naRHG3x44Q%3D
ACTUAL RESULT:
When clicked, it is changed into this and the user gets an error that the secret code is not correct

/ch_pass_by_secret.php?secret=iifh88QNzj1Y1uAlssmQZsNdGhbdVu1s3naRHG3x44Q=
EXPECTED RESULT:
secret must be

iifh88QNzj1Y1uAlssmQZsNdGhbdVu1s3naRHG3x44Q%3D
ANY ADDITIONAL INFORMATION:
Maybe some warning in the e-mail that it is possible that the code has to be copied manually if it doesn't work.
YOUR EXPECTATIONS FROM PLESK SERVICE TEAM:
Help with sorting out
 
additional info:

copying the link in the field does not work: it keeps saying: wrong secret code.
 
Questions from developer:

1. Is user able to change a password? If yes, what is the problem?
2. There is no bug here. The secret in the example is URL encoded, so, when it is decoded, %3D has been changed to = – it is absolutely correct.
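
The decoding step described in the reply above, as an added Python example (not Plesk's code and not written by any poster in this thread): the two link forms from the thread yield the same secret once the query string is percent-decoded exactly once. The helper names, the double-encoded link and the `+` sample are constructed assumptions, and the padding-free base64url generator goes beyond the thread to show a token format that needs no percent-encoding at all.

```python
import base64
import hmac
import secrets
from urllib.parse import parse_qs, quote, urlsplit

# Secret value taken from the thread (decoded form, ending in '=').
STORED = "iifh88QNzj1Y1uAlssmQZsNdGhbdVu1s3naRHG3x44Q="

BASE = "/ch_pass_by_secret.php?secret=iifh88QNzj1Y1uAlssmQZsNdGhbdVu1s3naRHG3x44Q"
LINK_ENCODED = BASE + "%3D"    # as sent in the e-mail (from the thread)
LINK_PLAIN = BASE + "="        # as shown after the click (from the thread)
LINK_DOUBLE = BASE + "%253D"   # constructed: '%' itself re-encoded by some tool


def secret_from_link(link):
    """Return the 'secret' parameter, percent-decoded exactly once."""
    values = parse_qs(urlsplit(link).query, keep_blank_values=True).get("secret")
    return values[0] if values else None


def check_secret(link, stored):
    """Constant-time comparison of the decoded parameter with the stored secret."""
    received = secret_from_link(link)
    if received is None:
        return False
    return hmac.compare_digest(received.encode(), stored.encode())


def new_urlsafe_secret(nbytes=32):
    """Hypothetical generator: base64url alphabet, '=' padding stripped."""
    raw = secrets.token_bytes(nbytes)
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


if __name__ == "__main__":
    for name, link in [("encoded", LINK_ENCODED), ("plain", LINK_PLAIN),
                       ("double-encoded", LINK_DOUBLE)]:
        print(f"{name:15} -> {secret_from_link(link)!r} "
              f"match={check_secret(link, STORED)}")
    # Constructed sample: a raw '+' from standard base64 decodes to a space.
    print(repr(secret_from_link("/x?secret=ab+cd%2Fef%3D")))
    token = new_urlsafe_secret()
    print(token, "needs encoding:", quote(token, safe="") != token)
```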
 
I guess the user uses some sort of webmail.
Can he open the mail as plain text, copy the URL and paste it into the browser location bar?
 
At the moment the user cannot do this anymore because I have reset his password for him via Plesk.

But as I reported: that doesn't work.

additional info:

copying the link in the field does not work: it keeps saying: wrong secret code.

regards
Jan
 