In 2000, Sun proposed an efficient remote user authentication scheme using smart cards (published in IEEE Transactions on Consumer Electronics, vol. 46, no. 4, 2000) Recently, Chien et al. pointed out that Sun's scheme only achieve the unilateral authentication. That is, only the authentication server can authenticate that of the remote user while the use cannot authenticate that of the server. Chien et al. further proposed a new efficient and practical solution to achieve the mutual user authentication (published in Computer & Security, vol. 21, No. 4 2002). This paper, however, will demonstrate that Sun's scheme is vulnerable to the off-line and on-line password guessing attacks and Chien et al.'s scheme is vulnerable to the parallel session attack.