There seems to be a synchronization issue with the form token being invalidated before its final use when changing password. The mail function is not setup so when the change passes it throws when trying to send the confirmation e-mail.
System: v4.7.1, Windows, Maria DB
Setup: - Disable the mail function
Steps to reproduce:
- /index.php?module=UsersManager&action=userSecurity
- Change password
- in ~50% of cases the change fails with:
Error in Matomo: Could not verify the security token on this form.