Thanks for bringing this up. I've created a couple of submit requests for our openSUSE products enabling this feature within wpa_supplicant this: Factory: https://build.opensuse.org/request/show/637009 Leap 15.0: https://build.opensuse.org/request/show/637012 Leap 42.3: https://build.opensuse.org/request/show/637014 Our version of wpa_supplicant in Leap 42.3 is based on upstream version 2.2, which was vulnerable to a couple of CVEs in the EAP-PWD component (CVE-2015-5314, CVE-2015-5315, CVE-2015-5316), but they have been fixed with the patches However, these patches are missing the CVE references and I don't want to simply add them to the changes file, since this will confuse our tooling.