RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
This vulnerability allows an attacker performing a man-in-the-middle attack between a vulnerable system and a RADIUS server to bypass authentication and escalate privileges when RADIUS authentication is used with either CHAP or PAP authentication.
Affected
WatchGuard is investigating this vulnerability's potential impact on our products and services.