CVE-2006-3796 - DeluxeBB 1.07 and earlier does not properly handle a username composed of a single space character,

CVE-2006-3796

Summary

DeluxeBB 1.07 and earlier does not properly handle a username composed of a single space character, which allows remote authenticated users to login as the "space" user, post as the guest user, and block the ability of an administrator to ban the "space" user.

References

http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047989.html
http://securityreason.com/securityalert/1254
http://www.securityfocus.com/archive/1/440435/100/0/threaded
http://www.securityfocus.com/bid/19052

Vulnerable Configurations

cpe:2.3:a:deluxebb:deluxebb:*:*:*:*:*:*:*:*
cpe:2.3:a:deluxebb:deluxebb:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 17-10-2018 - 21:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	19052
bugtraq	20060718 DeluxeBB mutiple vulnerabilities
fulldisc	20060718 Advisory : DeluxeBB mutiple vulnerabilities
sreason	1254

Last major update

17-10-2018 - 21:30

Published

24-07-2006 - 12:19

Last modified

17-10-2018 - 21:30