We have a page that contains a template based button that redirects to another page with page access protection enabled. The button template includes a href attribute:
We've found that if one of the parameters passed in the URL contains spaces they are not being escaped correctly and the resulting checksum is invalid. The spaces are being escaped with %2520 instead of %20.
If we remove the href="#LINK#" from the button template the problem goes away, which is what we've done as a workaround.
This sounds similar to bug #12971989 which was supposed to have been fixed.
Out of interest, can you tell me which theme are you using, is it one of the APEX built-in ones, or something custom? I searched our 4.2.3 code base for such references and found none, so perhaps this is either from a legacy theme, or do you know if it has been customised?