User authentication is a basic security requirement during the deployment of the wireless sensor network (WSN), because it may operate in a rather hostile environment, such as a military battlefield. In 2010, Khan and Alghathbar (KA) found out that Das's two-factor user authentication scheme for WSNs is scheme to overcome the security flaws of Das's scheme. However, in this paper, we show that KA's scheme still suffers from the GW-node impersonation attack, the GW-node bypassing atta
