{"id":"CVE-2022-41859","details":"In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack.","modified":"2026-04-02T08:16:26.467988Z","published":"2023-01-17T18:15:11.287Z","related":["ALSA-2023:2166","ALSA-2023:2870","MGASA-2022-0482","SUSE-SU-2022:4620-1","SUSE-SU-2022:4621-1","SUSE-SU-2022:4622-1","SUSE-SU-2022:4626-1","SUSE-SU-2023:0124-1","SUSE-SU-2023:0135-1","openSUSE-SU-2024:13386-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/06/msg00030.html"},{"type":"FIX","url":"https://github.com/FreeRADIUS/freeradius-server/commit/9e5e8f2f"},{"type":"FIX","url":"https://freeradius.org/security/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/freeradius/freeradius-server","events":[{"introduced":"0"},{"fixed":"580424ea12feeb5933f1aaac33fd5f9e2fa2ee60"},{"fixed":"9e5e8f2f"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.0.0"}]}}],"versions":["branch_3_1_x","branch_4_0_0","first-build","release_0_1_0","release_0_2_0","release_0_3_0","release_0_4_0","release_0_5_0","release_0_6_0","release_0_7_0","release_0_7_1","release_0_8_1","release_0_9_0","release_0_9_0_final","release_0_9_0_pre2","release_0_9_0_pre3","release_0_9_1","release_0_9_2","release_0_9_3","release_1_0_0","release_1_0_0_pre1","release_1_0_0_pre2","release_1_0_0_pre3","release_1_0_1","release_1_0_2","release_1_0_3","release_1_0_4","release_1_0_5","release_1_1_0","release_1_1_0_pre0","release_1_1_1","release_1_1_2","release_1_1_3","release_1_1_4","release_1_1_5","release_1_1_6","release_1_1_7","release_1_1_8","release_2_0_0","release_2_0_0_pre1","release_2_0_0_pre2","release_2_0_1","release_2_0_2","release_2_0_3","release_2_0_4","release_2_0_5","release_2_1_0","release_2_1_1","release_2_1_10","release_2_1_11","release_2_1_12","release_2_1_2","release_2_1_3","release_2_1_4","release_2_1_6","release_2_1_7","release_2_1_8","release_2_1_9","release_2_2_0","release_2_2_1","release_2_2_10","release_2_2_2","release_2_2_3","release_2_2_4","release_2_2_5","release_2_2_6","release_2_2_7","release_2_2_8","release_2_2_9","release_3_0_0_beta0","release_3_0_0_beta1","release_3_0_0_rc0","release_3_0_0_rc1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41859.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}