Lee et al [4] proposed two new authenticated multiple key exchange protocols based on Elliptic Curve Cryptography (ECC) and bilinear pairings. In this paper, we show an impersonation attack on their pairing-based authenticated key exchange protocol. We demonstrate that any attacker can impersonate an entity to share multiple session keys with another entity of his/her choice by using only the public key of the victim. Moreover, their protocol fails to provide perfect forward secrecy, despite of their claim to the contrary. Thus, we propose a simple modification to the original protocol which avoids our attack. (C) 2009 Elsevier Ltd. All rights reserved.