Abstract: The three-party password-based authenticated key exchange protocol based on the CCDH assumption is analyzed. It is demonstrated that this protocol has security vulnerabilities from on-line guessing attack and lacks a perfect authentication mechanism. This paper presents an attack scheme to the protocol. Our attack scheme shows that an adversary can get other legitimate user's password successfully by on-line guessing cyclically.