Joomla! Issue Tracker | Joomla! CMS #46479 - Joomla Lost password not sending mail

No Code Attached Yet

New
Critical
Build: 5.4
# 46479

rbuelund
20 Nov 2025

When using Lost password, no email is sent to the user, but when using lost username an email IS sent.

Votes

# of Users Experiencing Issue

1/1

Average Importance Score

5.00

rbuelund - open - 20 Nov 2025

rbuelund - change - 20 Nov 2025

Labels

Removed: ?

joomla-cms-bot - change - 20 Nov 2025

Labels

Added: No Code Attached Yet

joomla-cms-bot - labeled - 20 Nov 2025

richard67 - comment - 20 Nov 2025

@rbuelund Which Joomla version? As you might know, there are always 2 versions in use, currently 5.4.0 and 6.0.0.

rbuelund - comment - 20 Nov 2025

5.4

richard67 - comment - 20 Nov 2025

Are you using the PHP Mailer? Or SMTP?

rbuelund - comment - 20 Nov 2025

SMTP - and as written - the lost username function DOES send mails, only the lost password function does not.

rbuelund - comment - 20 Nov 2025

Tested on two different sites.

chmst - comment - 20 Nov 2025

I cannot replicate the issue. In J5 and J6 all mails are sent.

brianteeman - comment - 20 Nov 2025

I can't imagine a scenario in joomla where one is sent and the other is not

chmst - comment - 20 Nov 2025

There coud be an override of the lost password page. But perhaps it is only a typo in the mail-address?

rbuelund - comment - 20 Nov 2025

No type - tried several times, and with the exact same e-mail for lost username and lost password. Email only comes through for username.

rbuelund - comment - 20 Nov 2025

Can i in some way gather some more usefull info to this ?

chmst - comment - 20 Nov 2025

Which template are you using?

ot2sen - comment - 20 Nov 2025

Could it be a superadmin level user trying to fetch a password, which they cannot?

brianteeman - comment - 20 Nov 2025

Could it be a superadmin level user trying to fetch a password, which they cannot?

good point I forgot that

chmst - comment - 20 Nov 2025

The super user gets a message that he cannot require a new password.

brianteeman - comment - 20 Nov 2025

Are you sure as that would be a security vulnerability confirming that the email address is that of a super user. They just get the default

rbuelund - comment - 21 Nov 2025

Well thank you all - exactly the problem! But how should super users know that? - I did not, or have forgotten it. Would it be a security risk to send a mail to the super user saying you cannot reset your password ? If the super users mail account has been hacked, well then the hacker would possibly know anyway that this is a super user on that site ?

chmst - comment - 21 Nov 2025

When I try the reset option, I get this message:

Obviously a wrong message

brianteeman - comment - 21 Nov 2025

weird - i just tried again in both j5 and j6 and did not get that

chmst - comment - 21 Nov 2025

With e-mail address of the super user?

brianteeman - comment - 21 Nov 2025

yes

chmst - comment - 21 Nov 2025

I have no idea.

https://github.com/joomla/joomla-cms/blob/5.4-dev/components/com_users/src/Model/ResetModel.php#L425
this is the code.
With false language Language Keys

brianteeman - comment - 21 Nov 2025

just rechecked on a clean 6.0 install - no change

ot2sen - comment - 21 Nov 2025

Just checked on a clean install of J5.4.0
Getting a user name reminder mail, but not a password mail for the super user.
Same as Brian for the initial message. Not the strings from the com_users lang file.

Add a Comment

Older
Newer

Joomla! Issue Tracker - CMS

[#46479] - Joomla Lost password not sending mail

Votes

Add a Comment