The RADIUS protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against the MD5 Response Authenticator signature.
[
{
"vendor": "IETF",
"product": "RFC",
"versions": [
{
"status": "affected",
"version": "2865"
}
]
}
]