This comes down to the two systems using different password encryptions. After exporting the users from CB to phpbb the user must login to the CB Site. Then during the login process, assuming the password is correct in CB, it updates the phpbb password. Then after this first update the user can login to either CB or phpbb.
Again it has to do this because both systems use a different 1-way hash encryption on their passwords (i.e. can not unencrypt to re-encrypt in the other scheme). After the 1-time login on the CB Site it then puts the correctly encrypted password in the phpbb tables. A similar thing happens when importing users from phpbb to CB except that since you are logging into the CB site anyway you don't notice this happening under the hood. Be assured though that during this initial login it does verify with the originating system that the password is correct before re-encrypting the password for the other system.