Attacking Privacy in a Fully Private Auction Protocol - Archive ouverte HAL
Report, Year: 2012

Attacking Privacy in a Fully Private Auction Protocol

Abstract

Auctions have a long history, having been recorded as early as 500 B.C. With the rise of the Internet, electronic auctions have been a great success and are increasingly used. Many cryptographic protocols have been proposed to address the various security requirements of these electronic transactions, in particular to ensure privacy. In 2006, Brandt developed a protocol that computes the winner using homomorphic operations on a distributed ElGamal encryption of the bids. He claimed that it ensures full privacy of the bidders, i.e. that no information apart from the winner and the winning price is leaked. We show that this protocol -- when using interactive zero-knowledge proofs -- is vulnerable to attacks by dishonest bidders. Such bidders can manipulate the publicly available data in a way that allows the seller to deduce all participants' bids. Additionally, even if non-interactive zero-knowledge proofs are used, we show that the protocol is vulnerable to a different attack, which allows an attacker to recover one targeted bidder's bid.

Main file
main.pdf (270.43 KB)
Origin: Files produced by the author(s)

Dates and versions

hal-00745247, version 1 (25-10-2012)
hal-00745247, version 2 (08-04-2013)
hal-00745247, version 3 (14-05-2013)

Cite

Jannik Dreier, Jean-Guillaume Dumas, Pascal Lafourcade. Attacking Privacy in a Fully Private Auction Protocol. 2012. ⟨hal-00745247v1⟩