Recently, Guo et al. proposed a secure and efficient mutual authentication and key agreement protocol with smart cards for wireless communications. There are two main contributions of their scheme: confidentiality of the session key and updating the password efficiently. They claimed that their scheme could withstand various known types of attacks: user anonymity, withstanding the insider attacks, the replay attacks, and the offline dictionary attacks. However, we find some weaknesses of their scheme in this article. We show that their scheme is vulnerable to on-line password guessing with smart cards under stolen attacks and the denial of service attacks.