Authentication is one of the most basic and important cryptographic tasks. Mutual authentication protocols play a crucial role on the security of RFID systems. In this paper, we consider the security of a recently proposed mutual authentication protocol by Wei et al. which is a hash based protocol. We present efficient tag impersonation attack, two desynchronization attacks, reader impersonation attack and traceability attack against this protocol. The success probabilities of the attacks are "1" or 1-2-(n-1), where n is the length of the secret value shared between the tag and the reader. The complexity of each one of the presented attacks is only two runs of protocol. Vulnerabilities presented in the present work rule out the practical usage of this protocol. To the best of our knowledge, this is the first security analysis of Wei et al.'s protocol. Finally, we exhibit an improved version of this protocol, which is immune against the attacks presented in this work. © Springer-Verlag Berlin Heidelberg 2012.