The vulnerability arises from the failure to enforce the minimum length for the authentication tag as specified in the RFC, allowing an attacker to specify a one-byte tag length and use brute force to determine the correct tag value.
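The check that is missing in the flawed implementation is a floor on the tag length accepted at decryption time. The following Python is an added example written for this page, not code from the affected project; it uses a stand-in encrypt-then-MAC construction (HMAC-SHA256 over nonce, associated data and ciphertext, using only the standard library) so that it runs offline, and the minimum of 12 bytes is an assumed policy value standing in for whatever floor the relevant RFC sets. It places the unchecked verifier, which trusts whatever tag length the caller supplies, beside the hardened one, and includes a work-factor helper that makes the consequence of a one-byte tag explicit: 2^8 = 256 candidate values instead of 2^128.

```python
import hashlib
import hmac
import secrets

# Assumed policy bounds for the truncated tag (placeholders for the RFC's limits).
MIN_TAG_BYTES = 12
MAX_TAG_BYTES = 32  # SHA-256 output size in this stand-in construction


class TagLengthError(ValueError):
    """Raised when a caller supplies a tag outside the permitted length range."""


def compute_tag(key: bytes, nonce: bytes, aad: bytes, ciphertext: bytes) -> bytes:
    """Full-length tag over nonce || aad || ciphertext (stand-in for the AEAD's MAC)."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    # Length-prefix each field so that field boundaries are unambiguous.
    for field in (nonce, aad, ciphertext):
        mac.update(len(field).to_bytes(4, "big"))
        mac.update(field)
    return mac.digest()


def verify_tag_unchecked(key: bytes, nonce: bytes, aad: bytes,
                         ciphertext: bytes, tag: bytes) -> bool:
    """Vulnerable pattern: the tag length is taken from the attacker-controlled input.

    A one-byte tag is compared against one byte of the real MAC, so only 256
    guesses separate an attacker from a forgery that passes verification.
    """
    expected = compute_tag(key, nonce, aad, ciphertext)[: len(tag)]
    return hmac.compare_digest(expected, tag)


def verify_tag(key: bytes, nonce: bytes, aad: bytes, ciphertext: bytes, tag: bytes,
               min_tag_bytes: int = MIN_TAG_BYTES) -> bool:
    """Hardened verifier: reject out-of-range tag lengths before any comparison."""
    if not min_tag_bytes <= len(tag) <= MAX_TAG_BYTES:
        raise TagLengthError(
            f"tag length {len(tag)} outside [{min_tag_bytes}, {MAX_TAG_BYTES}]"
        )
    expected = compute_tag(key, nonce, aad, ciphertext)[: len(tag)]
    return hmac.compare_digest(expected, tag)


def forgery_work_factor(tag_len: int) -> int:
    """Expected number of candidate tags an attacker must try: 2 ** (8 * tag_len)."""
    return 2 ** (8 * tag_len)


def demo() -> dict:
    """Constructed sample: one message, a full tag, and a one-byte truncation of it."""
    key = secrets.token_bytes(32)
    nonce = secrets.token_bytes(12)
    aad = b"constructed-header"
    ciphertext = b"constructed-ciphertext-bytes"
    full_tag = compute_tag(key, nonce, aad, ciphertext)
    short_tag = full_tag[:1]

    try:
        verify_tag(key, nonce, aad, ciphertext, short_tag)
        hardened_rejects_short = False
    except TagLengthError:
        hardened_rejects_short = True

    return {
        "unchecked_accepts_short": verify_tag_unchecked(key, nonce, aad, ciphertext, short_tag),
        "hardened_rejects_short": hardened_rejects_short,
        "hardened_accepts_full": verify_tag(key, nonce, aad, ciphertext, full_tag),
        "work_factor_1_byte": forgery_work_factor(1),
        "work_factor_16_bytes": forgery_work_factor(16),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The decisive line is the range check at the top of `verify_tag`: it runs before any MAC computation, so an out-of-range length is an error rather than a weaker comparison. When auditing an AEAD implementation for this class of bug, look for the point where the caller-supplied tag length reaches the comparison and confirm a lower bound is enforced there, not only in the encrypt path.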