diff --git a/privacyidea_radius.pm b/privacyidea_radius.pm
index bd1bb97..5bdc1a3 100644
--- a/privacyidea_radius.pm
+++ b/privacyidea_radius.pm
@@ -161,7 +161,7 @@ use Try::Tiny;
 use JSON;
 use Time::HiRes qw( gettimeofday tv_interval );
 use URI::Encode;
-
+use Encode::Guess;
 
 # use ...
 # This is very important ! Without this script will not get the filled hashes from main.
@@ -423,6 +423,15 @@ sub authenticate {
             my @p = split(/\0/, $password);
             $password = @p[0];
         }
+        # Decode password (from <https://perldoc.perl.org/Encode::Guess#Encode::Guess-%3Eguess($data)>)
+        my $decoder = Encode::Guess->guess($password);
+        if ( ! ref($decoder) ) {
+            radiusd::radlog( Info, "Could not find valid password encoding. Sending password as-is." );
+            radiusd::radlog( Debug, $decoder );
+        } else {
+            &radiusd::radlog( Info, "Password encoding guessed: " . $decoder->name);
+            $password = $decoder->decode($password);
+        }
         $params{"pass"} = $password;
     } elsif ( $Config->{ADD_EMPTY_PASS} =~ /true/i ) {
         $params{"pass"} = "";