The identity-based infrastructure introduced by Shamir allows a user's public key to be easily derivable from her known identity information such as an email address or a cellular phone number. Such cryptosystems alleviate the certificate overhead and solve the problems of PKI technology. In this letter, we show that two identity-based authenticated key agreement protocols proposed by Holbl and Welzer are completely broken.