CVE-2006-3796 Information

Description

DeluxeBB 1.07 and earlier does not properly handle a username composed of a single space character which allows remote authenticated users to login as the \space\ user post as the guest user and block the ability of an administrator to ban the \space\ user.

Reference

http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047989.html http://securityreason.com/securityalert/1254 http://www.securityfocus.com/archive/1/440435/100/0/threaded http://www.securityfocus.com/bid/19052