H2-MAC, which was proposed by Kan Yasuda in Information Security Conference (ISC) 2009, is a new type of MAC construction. Compared with HMAC,H2-MAC is much easier for algorithm implementation and key management, for it gets access to the key only once. This paper first presents an equivalent key recovery attack H2-MAC-SHA-1 reduced to 53 (20-72) steps, which conduces to a universal forgery attack directly. Firstly, an H2-MAC-SHA-1 distinguisher is constructed. Then, the intermediate chaining variable, i.e., the equivalent key is recovered by using the distinguisher and bit flipping technology. Consequently, the universal forgery attack is processed. The adversary unknowing the secret key can process the universal forgery attack by computing the valid MAC value of M, which can be an arbitrary message. The complexity of the attack is about 299 queries, which is much lower than the ideal complexity of the universal forgery.