What the vulnerability does

01Description

In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack.

Key dates

02Disclosure timeline

January 17, 2023 CVE published
November 3, 2025 Record updated