Recently, Das, Saxena and Gulati proposed a dynamic Id based remote user authentication scheme that allows the users to choose and change their passwords freely and does not maintain verifier table. But their scheme has few weaknesses and cannot achieve mutual authentication. In 2005, Liao, Lee and Hwang showed that Das et al. scheme is vulnerable to guessing attack and proposed an enhanced scheme which also achieves mutual authentication. In this paper we show that Liao et. al's. scheme cannot withstand impersonation attack, reflection attack and it is completely insecure as a user can successfully log on to a remote system with a random password.
Mohammed Misbahuddin, C. Shoba Bindu