Z can directly alter the login request {Q, S, TID} into a password changing As a result, U holds its original password while NCC is cheated to store a totally space analysis, NCC stores not only {UID, TID, PW} but also user's last login .