Recently, Yang et al. proposed an security of improvement on Tseng et al.'s protected password transmission scheme to withstand replay attacks, guessing attacks, server spoofing and modification attacks. However, as we will point out in this paper, any adversary can intercept the request for changing the password sent by a legal user and replace the new password with the original password. thus, these protocols are vulnerable to denial of service attacks. Furthermore, we extend their work so that t...