I received a report that a super user could not remove a former super user using the user management in settings.

The following is known about the user to be deleted:

• they are a former super user that has been modified to no access
• MFA is enabled
• Password was standard with common letters/numbers/characters
• Attempted password reset for both SU accounts

The following recreation steps were supplied:

• Log in as a current super
• Go to Admin User
• Click on the delete icon next to the old user
• Confirm deletion with current logged in super user password in confirmation dialog

Expected Behavior

The user targeted for deletion should be deleted.

Current Behavior

The error message "The current password you entered is not correct"

Possible Solution

I could not recreate this.

Steps to Reproduce (for Bugs)

The following recreation steps were supplied:

• Log in as a current super
• Go to Admin User
• Click on the delete icon next to the old user
• Confirm deletion with current logged in super user password in confirmation dialog

Context

See above.

Your Environment

• Matomo Version: 4.12.2
• PHP Version: 8.0
• Server Operating System: Linux