In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack.
[
{
"vendor": "n/a",
"product": "freeradius",
"versions": [
{
"version": "unknown",
"status": "affected"
}
]
}
]