Recently, Yeh et al. proposed an improved password-authenticated key exchange scheme (the YSYCT scheme) which is secure against undetectable on-line password guessing attacks and provides explicit key authentication. This article shows that the YSYCT scheme is still insecure: the user's password can be exposed by a man-in-the-middle attack. An improved protocol is also proposed to avoid this attack.