RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
[
{
"cpes": [
"cpe:2.3:a:ietf:rfc:2865:*:*:*:*:*:*:*"
],
"vendor": "ietf",
"product": "rfc",
"versions": [
{
"status": "affected",
"version": "2865"
}
],
"defaultStatus": "unknown"
}
]