The verifier-based key exchange protocol for three parties deals with the authenticated key agreement process between two clients with the help of a trusted server who have to store their verifiers in the server for authentication. Recently, Liu et al. proposed a key exchange protocol for three-party based on verifier authentication and claimed that their protocol could resist many familiar attacks. Unfortunately, we find out that the proposed protocol is insecure against off-line guessing attack and impersonation attack. In this paper, we conduct a detailed analysis on the flaws of Liu et al.’s protocol. In addition, a new protocol is presented with security analysis.