CVE-2006-3796

2006-07-2121:00:00

mitre

www.cve.org

AI Score

6.2

Confidence

Low

EPSS

0.012

Percentile

85.0%

JSON

DeluxeBB 1.07 and earlier does not properly handle a username composed of a single space character, which allows remote authenticated users to login as the “space” user, post as the guest user, and block the ability of an administrator to ban the “space” user.

References

lists.grok.org.uk/pipermail/full-disclosure/2006-July/047989.html

securityreason.com/securityalert/1254

www.securityfocus.com/archive/1/440435/100/0/threaded

www.securityfocus.com/bid/19052