Hello Community,
On a Confluence-Server instance I manage, we have a strange phenomenon.
Users who try to reset their password via:
https://domain.com/resetuserpassword.action?username=debug.test&token=e9248c643a23f18176a3d852ea17ec8dba1fe150
get a 404 Response from the System... Here is the corresponding access-log:
[30/Jun/2022:15:09:52 +0200] - https-jsse-nio2-8443-exec-18 POST /doresetuserpassword.action HTTP/1.1 404 9ms - https://domain.com/doresetuserpassword.action&token=d8923332699c2782e6b34b57ee1ccc98002b3cbb Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
However, if you log into the server with an account prior to sending the reset request, i.e. within an authenticated session, all works as expected:
[30/Jun/2022:15:15:01 +0200] <AUTHENTICATED ACCOUNT NAME> https-jsse-nio2-8443-exec-10 POST /doresetuserpassword.action HTTP/1.1 200 87ms 38147 https://domain.com/resetuserpassword.action?username=debug.test&token=5081199bcf0bd94671d1a5a297a1ba3545a7b355 Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
I already checked the Base-URL of the system and it's set up correctly.
I'm a bit stumped to be honest.....
I understand that Confluence at some point answered with 404s to unauthorized page requests, but an initial password reset for a new user shouldn't be restricted?
If you have any idea what might be causing this behaviour or if you need further information, please let me know.
EDIT:
I can now confirm that it is related to permissions:
-- referer: https://domain.com/resetuserpassword.action?username=debug.test&token=e9248c643a23f18176a3d852ea17ec8dba1fe150 | url: /doresetuserpassword.action | traceId: be0586a986eb538e | userName: anonymous
2022-07-07 14:37:33,503 ERROR [https-jsse-nio2-8443-exec-44] [atlassian.confluence.servlet.ConfluenceServletDispatcher] sendError Could not execute action
-- referer: https://domain.com/resetuserpassword.action?username=debug.test&token=e9248c643a23f18176a3d852ea17ec8dba1fe150 | url: /doresetuserpassword.action | traceId: be0586a986eb538e | userName: anonymous
com.atlassian.confluence.core.InsufficientPrivilegeException: User [Anonymous] does not have the required privileges.
"User [Anonymous] does not have the required privileges."
But how else is an initial password reset supposed to work??
Thank you for any support you can lend.
With kind regards
Florian Seifer
To anybody having this issue, it's a known bug:
https://jira.atlassian.com/browse/CONFSERVER-79041
Regards
Florian Seifer
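To check whether an instance shows the same pattern, the access log can be tallied by session type and status for the reset endpoint. The following is an added example, not part of the original posts and not Atlassian code; it assumes the access-log layout of the two lines quoted above, and the hostname, user names and tokens in the sample lines are constructed placeholders.

```python
import re

# Field order as in the two access-log lines quoted in the thread (assumed stable):
# [time] user thread METHOD path protocol status duration size referer user-agent
LINE_RE = re.compile(
    r'^\[(?P<time>[^\]]+)\] (?P<user>\S+) (?P<thread>\S+) '
    r'(?P<method>[A-Z]+) (?P<path>\S+) \S+ (?P<status>\d{3}) '
    r'(?P<ms>\d+)ms (?P<size>\S+) (?P<referer>\S+)'
)
RESET_PATH = "/doresetuserpassword.action"

def reset_outcomes(lines):
    """Count (session, status) pairs for POSTs to the password-reset action."""
    counts = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # unparsable line or not a form submission
        if m["path"].split("?", 1)[0] != RESET_PATH:
            continue  # some other action
        # The log writes "-" in the user column when there is no session user.
        session = "anonymous" if m["user"] == "-" else "authenticated"
        key = (session, int(m["status"]))
        counts[key] = counts.get(key, 0) + 1
    return counts

def shows_symptom(counts):
    """True if anonymous resets only ever return 404 while authenticated ones return 200."""
    anon = {status for (who, status) in counts if who == "anonymous"}
    auth = {status for (who, status) in counts if who == "authenticated"}
    return anon == {404} and 200 in auth

# Constructed sample lines; host, users and tokens are placeholders.
HOST = "https://confluence.example"
SAMPLE = [
    f"[30/Jun/2022:15:09:52 +0200] - exec-18 POST /doresetuserpassword.action HTTP/1.1 404 9ms - "
    f"{HOST}/resetuserpassword.action?username=u1&token=PLACEHOLDER Mozilla/5.0",
    f"[30/Jun/2022:15:15:01 +0200] admin1 exec-10 POST /doresetuserpassword.action HTTP/1.1 200 87ms 38147 "
    f"{HOST}/resetuserpassword.action?username=u1&token=PLACEHOLDER Mozilla/5.0",
    "[30/Jun/2022:15:16:10 +0200] - exec-11 GET /resetuserpassword.action?username=u1&token=PLACEHOLDER "
    "HTTP/1.1 200 20ms 9000 - Mozilla/5.0",
    f"[30/Jun/2022:15:17:00 +0200] - exec-12 POST /dologin.action HTTP/1.1 200 30ms 500 "
    f"{HOST}/login.action Mozilla/5.0",
]

if __name__ == "__main__":
    tally = reset_outcomes(SAMPLE)
    for (who, status), n in sorted(tally.items()):
        print(f"{who:13} {status} x{n}")
    print("matches the reported symptom:", shows_symptom(tally))
```

The referer column of these lines carries the reset token, so the access log itself should be handled as sensitive when it is shared for troubleshooting.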