Problem description
A programming error in the implementation of the
AES-XCBC-MAC algorithm for authentication resulted in a
constant key being used instead of the key specified by the
system administrator.
Impact
If the AES-XCBC-MAC algorithm is used for authentication in
the absence of any encryption, then an attacker may be able to
forge packets which appear to originate from a different
system and thereby succeed in establishing an IPsec session.
If access to sensitive information or systems is controlled
based on the identity of the source system, this may result
in information disclosure or privilege escalation.
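The defect class described above, modelled as an added example (not code from the advisory or from the affected implementation): a pure-Python AES-XCBC-MAC-96 following RFC 3566, a wrapper that ignores the configured key, and a key-sensitivity check a regression test could run. `CONSTANT_KEY`, `buggy_mac` and `key_sensitive` are hypothetical names, and the constant's value is a placeholder because the advisory does not state it.

```python
# Added example: AES-XCBC-MAC-96 (RFC 3566), stdlib only, plus a model of the defect.
def _xt(a):  # multiply by x in GF(2^8), AES polynomial
    return ((a << 1) ^ 0x1B) & 0xFF if a & 0x80 else a << 1
def _mul(a, b):  # GF(2^8) product
    r = 0
    while b:
        r, a, b = r ^ (a if b & 1 else 0), _xt(a), b >> 1
    return r
def _rotl(x, n): return ((x << n) | (x >> (8 - n))) & 0xFF
def _xor(a, b): return bytes(x ^ y for x, y in zip(a, b))
_INV = [0] + [next(b for b in range(1, 256) if _mul(a, b) == 1) for a in range(1, 256)]
SBOX = [i ^ _rotl(i, 1) ^ _rotl(i, 2) ^ _rotl(i, 3) ^ _rotl(i, 4) ^ 0x63 for i in _INV]
def aes128_encrypt(key, block):
    w, rcon = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1
    for i in range(4, 44):  # key expansion
        t = w[i - 1]
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0], rcon = t[0] ^ rcon, _xt(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    rk = [sum(w[r:r + 4], []) for r in range(0, 44, 4)]
    s = _xor(block, rk[0])
    for r in range(1, 11):
        s = [SBOX[b] for b in s]
        s = [s[(i + 4 * (i % 4)) % 16] for i in range(16)]  # ShiftRows
        if r < 10:  # MixColumns
            s = [_mul(2, s[c + j]) ^ _mul(3, s[c + (j + 1) % 4]) ^ s[c + (j + 2) % 4]
                 ^ s[c + (j + 3) % 4] for c in (0, 4, 8, 12) for j in range(4)]
        s = _xor(s, rk[r])
    return bytes(s)

def aes_xcbc_mac_96(key, msg):
    k1, k2, k3 = (aes128_encrypt(key, bytes([n]) * 16) for n in (1, 2, 3))
    blocks = [msg[i:i + 16] for i in range(0, len(msg), 16)] or [b""]
    e = bytes(16)
    for m in blocks[:-1]:
        e = aes128_encrypt(k1, _xor(m, e))
    last = blocks[-1]
    if len(last) == 16:  # full final block: mix in K2
        last = _xor(last, k2)
    else:  # short or empty final block: pad 10* and mix in K3
        last = _xor(last + b"\x80" + bytes(15 - len(last)), k3)
    return aes128_encrypt(k1, _xor(last, e))[:12]

CONSTANT_KEY = bytes(16)  # placeholder; the advisory does not give the value
def buggy_mac(key, msg):  # models the defect: the configured key is ignored
    return aes_xcbc_mac_96(CONSTANT_KEY, msg)
def key_sensitive(mac, msg=b"constructed sample payload"):
    return mac(bytes(range(16)), msg) != mac(bytes(range(16, 32)), msg)
```

A known-answer test that uses a single key can pass against such a defect if that key happens to equal the constant; comparing tags under two different keys does not have that blind spot.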