diff --git a/webmin/change_session.cgi b/webmin/change_session.cgi
index b53fab7a7..84b589eec 100755
--- a/webmin/change_session.cgi
+++ b/webmin/change_session.cgi
@@ -152,7 +152,16 @@ elsif ($in{'md5pass'} == 3) {
$need = &acl::check_yescrypt();
$need && &error(&text('session_eyescrypt', "$need"));
}
+
$gconfig{'md5pass'} = $in{'md5pass'};
+
+# Save forgotten password mode
+if ($in{'forgot'} && &foreign_installed("virtualmin-password-recovery") &&
+ $text{'session_postfix'} =~ /virtualmin-password-recovery/) {
+ &error(&text('session_eforgot', 'edit_mods.cgi?tab=delete'));
+ }
+$gconfig{'forgot_pass'} = $in{'forgot'};
+
&write_file("$config_directory/config", \%gconfig);
&unlock_file("$config_directory/config");
diff --git a/webmin/edit_session.cgi b/webmin/edit_session.cgi
index ba81bdf8f..356ee914a 100755
--- a/webmin/edit_session.cgi
+++ b/webmin/edit_session.cgi
@@ -150,6 +150,10 @@ print &ui_table_row($text{'session_passapi'},
[ 1, $text{'session_passapi1'} . " " .
&ui_help(&text('session_passurl', "$url")) ] ]));
+# Enable forgotten password recovery
+print &ui_table_row($text{'session_forgot'},
+ &ui_yesno_radio("forgot", $gconfig{'forgot_pass'}));
+
print ui_table_end();
print ui_form_end([ [ "save", $text{'save'} ] ]);
diff --git a/webmin/lang/en b/webmin/lang/en
index b62fa285f..0337c53e6 100644
--- a/webmin/lang/en
+++ b/webmin/lang/en
@@ -676,6 +676,8 @@ session_passapi=Enable remote password change API?
session_passapi0=API disabled
session_passapi1=API enabled for Unix users
session_passurl=When enabled, user passwords can be changed via a POST request to $1
+session_forgot=Allow forgotten password recovery?
+session_eforgot=Forgotten password recovery cannot be enabled unless the Virtualmin Password Recovery plugin module is first removed. This can be done on the Webmin Modules page.
assignment_title=Reassign Modules
assignment_header=Module category assignments