Skip to Main Content
Recently, Wu and Chieu proposed 'a user friendly remote user authentication scheme with smart cards'. We point out that their scheme is vulnerable and susceptible to the attacks and can easily be cryptanalyzed. Their scheme provides only unilateral authentication (only client authentication) and there is no mutual authentication between user and remote system, so their scheme suscepts from the server spoofing attack. Their scheme also suffers from the impersonation attack and an adversary can easily impersonate a valid user. Furthermore, we describe that an adversary can login into the system by copying the data of stolen or lost smart card of a legitimate user. Moreover, we discuss that Wu and Chieu's scheme has poor reparability, which makes it infeasible to implement.