If you are running a private vB5 forum that requires registered users to access and view the forums, you are experiencing this bug where the reset-password page is not accessible when user is not logged in. So it's not possible for your users to reset their password.

Enabling "Can View Channels" permission fixes the issue, however it's not a desirable workaround as it allows guests to partially view the site.

This issue occurs in vB 5.2.1 to 5.2.3 which was recently released. Based on the bug report (http://tracker.vbulletin.com/browse/VBV-15975), it seems that vBulletin will fix it in the next version 5.2.4 which would probably be released in 3 months or so. I based this on the time it took to release 5.2.3 from the time 5.2.2 was released. But you'll never know when.

If you cannot wait for the official fix, then this hack is for you.

Open and edit this file in a text editor.

/core/vb/api/route.php


Find and replace this line:

protected $whitelistPrefix = array('help', 'contact-us', 'lostpw', 'register', 'activateuser', 'activateemail', 'admincp');


with:

protected $whitelistPrefix = array('help', 'contact-us', 'lostpw', 'register', 'activateuser', 'activateemail', 'admincp', 'reset-password');


Notice that you simply have to add the URL prefix for Reset Password page to the array. I don't know why it is taking time for vBulletin to fix this issue.

Note: Since this is a core hack, you have to re-apply this change whenever you upgrade. But this wouldn't matter anymore if they would fix this in vB 5.2.4.

This hack is also posted in my site here (http://vbmods.rocks/forum/vbulletin-5-modifications/vbulletin-5-core-hacks/309-quick-fix-for-the-reset-password-page-being-inaccessible-to-logged-out-users-in-a-private-forum).