[PHPBB3-6554] Duplicate user name exploit.

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Resolution: Fixed
Affects Version/s: 3.0.RC7
Fix Version/s: 3.0.0
Component/s: Authentication
Labels:
None
Environment:
PHP Environment: 5.2.1
Database: MySQL(i) 5.0.37

phpBB Import Key:
http://www.phpbb.com/bugs/all/ticket.php?ticket_id=15634

Description

It's possible for a user to register a user name that displays identically to an existing one, as long as the existing user name contains more than one word. This can lead to impersonation problems.

For example lets state that there's a user name called Joe Bloggs. Another user then registers another account with the same name, but puts two spaces between Joe and Bloggs instead of one. The second name is deemed unique by the registration process, but when displayed only one space will be shown between the two words of the name in most browsers.

Attachments

Activity

People

Assignee:: Nils Adermann

Reporter:: Paul Grayson [X] (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 28/Nov/07 2:29 PM

Updated:: 09/Dec/07 10:12 AM

Resolved:: 09/Dec/07 10:12 AM