Owing to the individual privacy, system security and resource limitation of low-cost RF tag, ultralightweight RFID authentication has been massively investigated in these years. Recently, Kianersi et al. [3] and Lee et al. [4] proposed two well-studied RFID authentication schemes which attempt to achieve data confidentiality and tag computation efficiency. However, these two protocols are vulnerable as the shared secrets can be out of synchronization via a series of challenge-response operations. In this paper, we demonstrate the detailed malicious procedures on these two mechanisms and show their vulnerabilities.