Recently, Chen et al. proposed an efficient three-party encrypted key exchange protocol based upon Schnorr’s digital signature scheme with fewer rounds. However, J.H. Yang and C. C. Chang showed that Chen et al.’s protocol still has the high computation cost and communication cost. Moreover, Chen et al.’s protocol suffers from stolen-verifier attacks. Then J.H. Yang and C. C. Chang proposed a three-party authenticated key exchange protocol without password by using elliptic curve cryptography. Their improved protocol requires smaller transmitted message size and less communication times, which is well suitable for resource-limited environments such as mobile communication and mobile commerce. Unfortunately, we find that Yang et al.’s protocol is vulnerable to replay attacks, denial-of-Service attacks and impersonation attacks.