FreeBSD -- Missing IPsec anti-replay window check
A missing check means that an attacker can reinject an old packet and
it will be accepted and processed by the IPsec endpoint.
The impact depends on the higher-level protocols in use over IPsec.
For example, an attacker who can capture and inject packets could
cause an action that was intentionally performed once to be repeated.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright