iked in OpenIKED, as used in OpenBSD up to and including 6.7, allows authentication bypass because ca.c has the wrong logic for checking whether a public key matches.
openbsd openbsd