Cryptanalysis of an enhanced timestamp-based password authentication scheme

Recently, Fan proposed an enhanced scheme to improve the security of Yang-Shieh’s timestamp-based password authentication scheme. The enhanced scheme can withstand the attacks presented by Chan, Cheng and Fan. In this paper, we show that the enhanced scheme is still insecure. An intruder is able to construct a forged login request by intercepting the legitimate login requests and pass the system authentication with a non-negligible probability.