In large-scale client-client communication environments, Password-Authenticated Key Exchange (PAKE) based on trusted server is very convenient in key management. For enhancing the efficiency and preventing various attacks, Wang and Mo proposed a three-PAKE protocol, Yoon and Yoo proposed a C2C-PAKE protocol. However, in this paper, we show that the Wang-Mo protocol and the Yoon-Yoo protocol exist impersonation attack.