Abstract

Abstract In 2009, Huang ( Int. J. Commun. Syst. , 22 , 857–862) proposed a simple and efficient three‐party password‐based key exchange protocol without server's public key. This work shows that the protocol could be vulnerable to an undetectable online password guessing attack. Furthermore, an improved protocol is proposed to avoid the attack. Copyright © 2011 John Wiley & Sons, Ltd.