A "main-in-the-middle" or a counterfeit server can choose the challenge "C8" which the client will then encrypt using a key derived from the client's password. The ability to choose the plaintext to be encrypted is known to make breaking many ciphers much easier.