Dhirubhai Ambani Institute of Information and Communication Technology
The authors have shown the security weaknesses of the Liaw et al.'s scheme. The design of the Liaw et al.'s scheme is so weak that anyone can login to the remote system by just intercepting a valid login message. Recently, Liaw et al. proposed a remote user authentication scheme using smart cards. Their scheme has claimed a number of features e.g. mutual authentication, no clock synchronization, no verifier table, flexible user password change, etc. They show that Liaw et al.'s scheme is completely insecure. By intercepting a valid login message in Liaw et al.'s scheme, any unregistered user or adversary can easily login to the remote system and establish a session key.