International Journal of Computer Applications
User authentication is one of the fundamental procedures to provide secure communications between user and server over an insecure public channel. Recently, Wang et. al. proposed password-based user authentication scheme based on hash function and modular exponentiation and they claimed that their scheme provides strong authentication than related scheme. But in this paper, it is pointed out that their scheme suffers from off-line password guessing attack, off-line identity guessing attack, user impersonation attack, server masquerading attack, smart card stolen attack and password change attack.