In 2005, Yang, Wang, and Chang proposed an improved timestamp-based password
authentication scheme in an attempt to overcome the flaws of Yang-Shieh_s
legendary timestamp-based remote authentication scheme using smart cards. After
analyzing the improved scheme proposed by Yang-Wang-Chang, we have found that
their scheme is still insecure and vulnerable to four types of forgery attacks.
Hence, in this paper, we prove that, their claim that their scheme is
intractable is incorrect. Also, we show that even an attack based on Sun et
al._s attack could be launched against their scheme which they claimed to
resolve with their proposal.Comment: 3 Page
