With the advent of cloud computing, drastic growth of Internet and mobile technologies, there is an exponential growth of ubiquitous users, who are trying to access the cloud server for critical data and resources over an insecure communication channel called Internet. Remote cloud servers need to authenticate the remote users upfront to offer data storage, scheduling and processing services. Hence, secure authentication or verification protocols have been designed to assure authenticity of the remote user and reliability of the outsourced data. In 2011, Hao et alfrom SUNY Buffalo, have proposed a time-bound ticket-based mutual verification scheme and claimed that their proposal is completely resistant to major cryptographic attacks. In this paper, we will show that Hao et al scheme is susceptible to all major cryptographic vulnerabilities like user impersonation attack, server masquerade attack etc.