The protocol does not prevent session spoofing. The encryption key is set by the remote side and if someone records the whole session, she might reproduce the very same packets.
Log in to post a comment.