The protocol that the WatchGuard Single Sign-On (SSO) agent uses to communicate with the respective client services is neither encrypted nor authenticated. The unprotected information exchanged over it is used to decide which firewall rules are applied to a given host. Consequently, attackers can relay connections to other clients so that the firewall rules of the relay target are applied to their own host. Similarly, attackers could implement their own protocol client and send arbitrary account and group information to the agent in order to lift firewall restrictions.
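One way an agent could reject the relayed and forged replies described above, as an added example that is not WatchGuard's protocol or code: the client's reply carries an HMAC bound to a fresh agent nonce and to the host address the agent queried. The per-host keys, addresses, message layout and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets

# Constructed sample data: per-host keys provisioned out of band (assumption).
HOST_KEYS = {
    "10.0.0.5": b"constructed-key-for-host-5",
    "10.0.0.66": b"constructed-key-for-host-66",
}


def _mac(key, nonce, host_ip, body):
    # Length-prefix each field so field boundaries cannot be shifted.
    msg = b"".join(len(p).to_bytes(4, "big") + p
                   for p in (nonce, host_ip.encode(), body))
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def client_reply(own_ip, key, nonce, user, groups):
    """Client side: report the logged-on user, bound to nonce and own address."""
    body = json.dumps({"user": user, "groups": sorted(groups)}).encode()
    return {"body": body, "tag": _mac(key, nonce, own_ip, body)}


def agent_verify(queried_ip, nonce, reply):
    """Agent side: return the account info only if the reply is authentic
    for the address the agent actually queried; otherwise None."""
    key = HOST_KEYS.get(queried_ip)
    if key is None:
        return None
    expected = _mac(key, nonce, queried_ip, reply["body"])
    if not hmac.compare_digest(expected, reply["tag"]):
        return None
    return json.loads(reply["body"])


def demo():
    nonce = secrets.token_bytes(16)
    honest = client_reply("10.0.0.5", HOST_KEYS["10.0.0.5"], nonce, "alice", ["staff"])
    accepted = agent_verify("10.0.0.5", nonce, honest)
    # Relay case: the agent queried 10.0.0.66 but gets the reply made by 10.0.0.5.
    relayed = agent_verify("10.0.0.66", nonce, honest)
    # Forged case: account data sent without knowledge of the host key.
    fake = {"body": b'{"user": "admin", "groups": ["admins"]}', "tag": "0" * 64}
    forged = agent_verify("10.0.0.66", nonce, fake)
    # Replay case: an old reply checked against a fresh nonce.
    replayed = agent_verify("10.0.0.5", secrets.token_bytes(16), honest)
    return accepted, relayed, forged, replayed
```

This covers authentication of the reply only; keeping the account and group data confidential would need transport encryption on top.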