This was always resulting in a password of E8AEA545 for me. I then tried dumping application.fc.utils.createJavaUUID() on a page. When I did this, the first 8 digits changed each time I reloaded the page, while the rest of the digits remained the same.
Here are some examples of UUID's generated by this method:
In /core/webskin/farUser/forgotChangePasswordEmail.cfm, the new password is generated like this:
cfset stProperties.password = "#right(application.fc.utils.createJavaUUID(),8)#"
This was always resulting in a password of E8AEA545 for me. I then tried dumping application.fc.utils.createJavaUUID() on a page. When I did this, the first 8 digits changed each time I reloaded the page, while the rest of the digits remained the same.
Here are some examples of UUID's generated by this method:
D7238750-C8B1-11DE-A5C10024E8AEA545
5BA382F0-C8B2-11DE-A5C10024E8AEA545
63B73AE0-C8B2-11DE-A5C10024E8AEA545
68CF17F0-C8B2-11DE-A5C10024E8AEA545
6D35CD70-C8B2-11DE-A5C10024E8AEA545
etc...
To work around this, I overrode the forgotChangePasswordEmail.cfm file and changed this line to:
cfset stProperties.password = Right(CreateUUID(), 8)