Solo sign-on (SSO) is a new authentication mechanism that enables a legal user with a single credential to be authenticated by multiple service providers in a distributed computer network. Recently, a SSO scheme proposed and claimed its security by providing well organized security arguments. But their scheme is actually insecure as it fails to meet credential privacy and soundness of authentication. Specifically, we present two impersonation attacks i.e., credential recovering attack and impersonation attack without credentials. So we propose a more authentication scheme that overcomes these attacks and flaws by make use of efficient verifiable encryption of RSA signatures. We promote the formal study of the soundness of authentication as one open problem.