In a WPA2 (802.1X) scenario, there are 3 entities -> Supplicant (client), Authenticator (router) and Authentication server (Radius server). Radius server performs the authentication process and, as far as I understand, in the authentication process, the router works only as a proxy.
If an attacker is able to sniff the communication between the client and the router during WPA2 (802.1X) handshake, can he observe the client's credentials?
Or does the client somehow (e.g. using some sort of Diffie Hellman algorithm or using Radius server certificate returned to the client by the router) encrypt the credentials?
Or does it depend on the specific configuration? What conditions would have to be met in order for the attacker to successfully intercept the user credentials?
Thank you
