Currently, smart card based remote user
authentication schemes have been widely adopted due to their low cost and
convenient portability. With the purpose of using various different internet
services with single registration and to protect the users from being tracked,
various dynamic ID based multi-server authentication protocols have been proposed.
Recently, Li et al. proposed an efficient and secure dynamic ID based
authentication protocol using smart cards. They claimed that their protocol
provides strong security. In this paper, we have demonstrated that Li et al.’s
protocol is vulnerable to replay attack, denial of service attack, smart card
lost attack, eavesdropping attack and server spoofing attacks.