In this paper, we analyze the security of the RFID authentication protocol proposed by Choi et al. at SecUbiq 2005. They claimed that their protocol is secure against all possible threats considered in RFID systems. However, we show that the protocol is vulnerable to an impersonation attack. Moreover, an attacker is able to trace a tag by querying it twice, given the initial information from 2([log2(l+1)]) + 1(approximate to l + 2) consecutive sessions and 2(.)2([log2(l+1)]) (approximate to 2(l + 1)) consecutive queries, where l is the length of secret values (in binary).