In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack. https://nvd.nist.gov/vuln/detail/CVE-2022-41859