We show that the anonymous certificateless authentication scheme [IEEE TIFS, 9(12), 2014, 2327-2339] is very vulnerable to denial-of-service (DoS) attacks, because it does not develop a mechanism to help an application provider to verify the validity of a service request. A malicious attacker can launch massive requests without being detected. We would like to stress that anonymity and certificateless property could not be acquired concurrently. We think the availability should be put first above all else when one designs a cryptographic scheme.