In 2010, Yuan et al. proposed a biometric-based user authentication scheme for wireless sensor networks (WSN). However, this paper demonstrates that Yuan et al.'s scheme has some drawbacks: insider attack, impersonation attack by a malicious registered user, and GW-node or sensor node impersonate attacks. To mitigate the security breaches, this paper also proposes a new biometric-based user authentication scheme without using password for WSN. The proposed scheme does not require the user password and uses only hash function. As a result, the proposed scheme has more efficiency and strong security compared with related schemes.