The Authentication Protocol

In the previous attack, we needed to know a single plaintext/ciphertext pair.
How hard is that to get, really?
In fact, the authentication protocol gives it to the adversary for free!

This is a major disaster in the design!
The authentication protocol is supposed to prove that a certain client knows the shared secret k
But if I watch you prove it, I can turn around and execute the protocol myself!
"What's the password?"