When using Lost password, no email is sent to the user, but when using lost username an email IS sent.
5.4
Are you using the PHP Mailer? Or SMTP?
SMTP - and as written - the lost username function DOES send mails, only the lost password function does not.
Tested on two different sites.
I cannot replicate the issue. In J5 and J6 all mails are sent.
I can't imagine a scenario in Joomla where one is sent and the other is not.
There could be an override of the lost password page. But perhaps it is only a typo in the mail-address?
No typo - tried several times, and with the exact same e-mail for lost username and lost password. Email only comes through for username.
Can I in some way gather some more useful info on this?
Which template are you using?
Could it be a superadmin level user trying to fetch a password, which they cannot?
Could it be a superadmin level user trying to fetch a password, which they cannot?
good point I forgot that
The super user gets a message that he cannot require a new password.
Well thank you all - exactly the problem! But how should super users know that? - I did not, or have forgotten it. Would it be a security risk to send a mail to the super user saying you cannot reset your password? If the super user's mail account has been hacked, well then the hacker would possibly know anyway that this is a super user on that site?
Weird - I just tried again in both J5 and J6 and did not get that.
With e-mail address of the super user?
yes
I have no idea.
https://github.com/joomla/joomla-cms/blob/5.4-dev/components/com_users/src/Model/ResetModel.php#L425
this is the code.
With false language Language Keys
just rechecked on a clean 6.0 install - no change
The mail to the superuser is never sent - that is intentional. The message depends on the Debug Setting - but the messages should not be different when debug mode is on. We will fix this. As for the supervisor we will send an email that the password cannot be reset this way.
No you must not send an email. That's a security issue confirming that the email is for a super user.
No you must not send an email. That's a security issue confirming that the email is for a super user.
Maybe @MacJoom mean that all other super users will get that email but not to the one who requests the password reset? Something like "Super user xyz has requested a password reset"?
If it's a superuser email we will send the message that it cannot be reset this way to this superuser - without displaying a different message on the screen. I see no disclosure of information this way. No message is given on screen that an email is really being sent - the same with random email addresses.
I have gained control of the email and now I know that this email is for a superuser
OK - then we cannot fix this issue anyway. But if one has control over the emails he/she could probably check older emails and find out anyway...
@rbuelund Which Joomla version? As you might know, there are always 2 versions in use, currently 5.4.0 and 6.0.0.
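The behaviour debated in this thread, as an added sketch that is not Joomla's `ResetModel` code: one on-screen message for unknown addresses, regular users and super users, unaffected by debug mode, with the blocked super-user request recorded server-side instead of mailed. The function `requestPasswordReset`, the `USERS` table and the message text are hypothetical, and the accounts are constructed sample data.

```php
<?php
declare(strict_types=1);

// Constructed sample accounts (not real data).
const USERS = [
    'admin@example.org' => ['name' => 'root',  'super' => true],
    'alice@example.org' => ['name' => 'alice', 'super' => false],
];

// One on-screen message for every outcome, independent of any debug flag.
const GENERIC_NOTICE = 'If the address belongs to an account, a reset link has been sent.';

/**
 * Hypothetical handler: returns [screenMessage, outbox, auditLog].
 * $debug is accepted only to show that it must not change the response.
 */
function requestPasswordReset(string $email, bool $debug): array
{
    $outbox = [];
    $audit  = [];
    $user   = USERS[strtolower(trim($email))] ?? null;

    if ($user === null) {
        $audit[] = 'reset requested for unknown address';
    } elseif ($user['super']) {
        // No mail: a message in the mailbox would confirm the privilege level
        // to whoever controls that mailbox. Record it server-side instead.
        $audit[] = "reset blocked for super user {$user['name']}";
    } else {
        // Only regular accounts get a token; the outbox stands in for the mailer.
        $token    = bin2hex(random_bytes(32));
        $outbox[] = ['to' => $email, 'token' => $token];
        $audit[]  = "reset token issued for {$user['name']}";
    }

    if ($debug) {
        $audit[] = 'debug: details are logged, never shown to the requester';
    }

    return [GENERIC_NOTICE, $outbox, $audit];
}

// Every input and both debug settings yield the same on-screen text.
foreach (['admin@example.org', 'alice@example.org', 'nobody@example.org'] as $addr) {
    foreach ([false, true] as $debug) {
        [$screen, $outbox] = requestPasswordReset($addr, $debug);
        printf("%-20s debug=%d mails=%d screen=\"%s\"\n", $addr, (int) $debug, count($outbox), $screen);
    }
}
```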