Several lightweight RFID authentication protocols have been proposed to settle the security and privacy problems. Nevertheless, most of these protocols are analyzed and they are not successful in their attempt to achieve the claimed security objectives. In this paper, we consider the security of two recently proposed typical RFID authentication protocols: RAPLT protocol and SRP+ protocol. RAPLT protocol is a new ultra-lightweight RFID protocol based on two new operations named $$merge$$merge and $$separation$$separation. Utilizing the linear property of the $$merge$$merge operation, we present a passive disclosure attack on RAPLT protocol, and we can deduce the shared secrets with overwhelming probability after eavesdropping about 100 round authentication sessions. SRP+ protocol is a novel secure RFID authentication protocol conforming to the EPC C-1 G-2 standard, and we present efficient de-synchronization attack and passive disclosure attack through exhaustive search. Our disclosure attack only needs one run of the protocol, and the attack complexity is $$O(2^{16})$$O(216) evaluation of the PRNG function in off-line analysis mode. In addition, to counteract the vulnerabilities, we propose a new modified version of SRP+ protocol, denoted by $$ SRP ^{++}$$SRP++, conforming to the EPC C-1 G-2 standard. Our security analysis demonstrates that $$ SRP ^{++}$$SRP++ protocol can resist the exhaustive search attack with the complexity $$O(2^{32})$$O(232), which is the optimal security bound.