Abstract Mobile ad hoc networks (MANETs) are collections of wireless mobile devices with restricted broadcast range and resources and no fixed infrastructure. Communication is achieved by communicating data along suitable routes that are dynamically discovered and maintained through association between the nodes. Discovery of such routes is a major task both from good organization and security points of view. Recently a security model tailored to the specific requirements of MANETs. A novel route discovery algorithm called endairA is also proposed together with a claimed security proof within the same model. In this paper we show the security proof for the route discovery algorithm endairA is malfunctioning and moreover this algorithm is vulnerable to a hidden channel attack. We also analyze the security framework that is used for route discovery and argue the compos ability is an essential feature for ubiquitous applications. We conclude by discussing some of the major security challenges for route discovery in MANETs.