Technical Report TR-99-8, LCIS, National Central University, Taiwan, R.O.C., September, 1999.

Abstract. In this article, one of the protocols proposed by Kwon, Kang, and Song in INFOCOM'97 will be shown to be insecure. The protocol is a password-based authentication and key-exchange scheme and it was claimed to be secure against dictionary attack. However, it will be shown that conventional replay attack, especially undetectable attack, can be possible under some assumptions.