The attacker can precompute the response for many common passwords to a challenge of its choice, and build a dictionary of (response, password) pairs. It can then use the chosen plaintext attack to acquire a response corresponding to that challenge, and just look up the password in the dictionary.