The cases in which Diffie-Hellman become unsecure and
easily breakable are:-
- There are degenerate cases in which the protocol doesn’t work
(i.e. it can be broken). For example, when g^ x or g^y equals one,
the shared secret key becomes 1. Since the communication channel is
public anybody can detect this anomaly.
- If one of x and y can be easily determined, the protocol can be
broken. For example, if x equals 1 then g^z = g which any observant
attacker will be able to detect.
- The pseudo-random numbers must be chosen extremely carefully
because systems can be broken if inadequate pseudorandom functions
or badly chosen seed are used.
Please upvote the answer if it helps you.