Remote authentication is a method to authenticate remote users over insecure communication channel. Password-based authentication schemes have been widely deployed to verify the legitimacy of remote users. Very recently, Hsiang et al. pointed out that Yoon et al's scheme is vulnerable to parallel session attack, masquerading at- tack and password guess attack. They proposed an improved scheme to remedy these pitfalls. They claimed their scheme can against parallel session attack, masquerading attack and password guess attack. However, we find that Hsiang et al.'s scheme is vulnerable password guess attack, masquerading user attack and masquerading server attack.