Security of Li's authentication and key agreement with smart card

In 2005, Yoon et al. proposed a remote user authentication scheme using smart card. In 2009, Li pointed out that Yoon et al.'s scheme can't against denial of service attack and performs only unilateral authentication (only user authentication). He improved Yoon et al.'s scheme and claimed that the improved scheme can eliminate the vulnerability. However, we found Li's scheme is vulnerable to malicious mart card attack because an attacker can be authenticated by the remote user successfully. In this paper, we will demonstrate how to mount malicious attacks on Li proposed scheme.