The group key agreement protocol enables to derive a shared session key for the remote members to communicate securely. Recently, several attempts are made to utilize group key agreement protocols for secure multicasting in Internet of Things. This paper contributes to identify the security vulnerabilities in the existing protocols, to avoid them in future constructions. The protocols presented by Gupta and Biswas have been found insecure to ephemeral secret key leakage (ESL) attack and also, malicious insiders can impersonate an honest participant. Additionally, the protocol presented by Tan is also ESL-insecure. We also present a fix to the Tan's protocol to make it secure.