A user of MediaWiki on a site that I support complained about this. I created a user ID (I don't normally use the wiki) and found that clicking on any user name in the user list (including my own, as a Sysop) throws a 403. I could find no reference to this particular problem, so I updated MediaWiki to 1.26.2 (from 1.23.6) in the hopes that the newer version would not have this problem, but it persists.
Any ideas?