Re: Explanation Please?
If following the standard it should be automatic, as your client device trusts a forged message, that is the fundamental problem. From there, you are just screwed.
It is essentially a MIM attack, and it can potentially be used to get your user/password to several services.