Because the challenge is plaintext, an eavesdropper can acquire known plaintext/ciphertext pairs. It can then test a guess at a password by using it to generate a key, encrypting the plaintext, and comparing it to the corresponding ciphertext.
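A small simulation of the weakness described above, added here as an illustration rather than code from the original text; it assumes (as the text does not specify) that the challenge is "encrypted" by HMAC-SHA256 under an unsalted SHA-256 hash of the password, and the candidate list and password are constructed sample values:

```python
import hashlib
import hmac
import os

# Assumption: the keyed function is HMAC-SHA256 and the password-to-key
# derivation is a plain, unsalted SHA-256. The page does not fix either.

def derive_key(password: str) -> bytes:
    """Password -> fixed-length key. Unsalted and fast, as in weak schemes."""
    return hashlib.sha256(password.encode()).digest()

def respond(password: str, challenge: bytes) -> bytes:
    """Client side: 'encrypt' the plaintext challenge with the password key."""
    return hmac.new(derive_key(password), challenge, hashlib.sha256).digest()

def verify(password: str, challenge: bytes, response: bytes) -> bool:
    """Server side: recompute the expected response and compare."""
    return hmac.compare_digest(respond(password, challenge), response)

def eavesdropper_check(guess: str, challenge: bytes, response: bytes) -> bool:
    """An observer of one (challenge, response) pair can run exactly the
    server's test for any guess, offline and with no further interaction."""
    return verify(guess, challenge, response)

def guesses_consistent(candidates, challenge, response):
    """Return the candidates that the captured pair is consistent with."""
    return [c for c in candidates if eavesdropper_check(c, challenge, response)]

def demo():
    # Constructed sample run: the legitimate exchange is observed in the clear.
    password = "hunter2"                      # constructed value
    challenge = os.urandom(16)                # plaintext challenge, sent in clear
    response = respond(password, challenge)   # ciphertext, also sent in clear
    assert verify(password, challenge, response)
    candidates = ["letmein", "password", "hunter2", "qwerty"]  # constructed
    return guesses_consistent(candidates, challenge, response)

if __name__ == "__main__":
    print(demo())  # -> ['hunter2']
```

The point the simulation makes is that the verifier's check and the eavesdropper's check are the same function, so the password's security rests entirely on how hard it is to guess; a salted, slow key derivation raises the cost of each guess but does not remove the offline test.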