IoT (Internet of Things) consists of various devices such as cars, electrical appliances, machines, and sensors. With IoT technologies, devices exchange information through the network, people are allowed to obtain information collected by devices without interacting with them, and automatic operations for devices are realized. Owing to the variety of IoT devices, some of them possess limited computational capability. On the other hand, data transmission in IoT networks is usually through a public channel. To ensure efficiency and security in IoT environments, Lee et al. presented a three-factor authentication scheme with XOR operation and hash function. Their scheme possessed superior properties and prevented common attacks. Analyzing the scheme revealed that five flaws threaten the scheme. This paper shows how the flaws threaten the scheme in detail.