In the computer security context, a hacker is someone who seeks and exploits weaknesses in a computer or computer network.

The redirect_uri endpoint did not invalidate state values after they had been redeemed once. Consequently, multiple requests to this endpoint carrying a valid state value each resulted in a request to the configured Token Endpoint being initiated by Keycloak. A malicious administrative user or malicious Identity Provider could further enlarge the outgoing Token Request by choosing a long path for the Token Endpoint URL and setting fictitious long Client Credentials. Consequently, one request to the Keycloak instance could be amplified multiple times when compared with the request received at the victim server's end.
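The single-use requirement for state values, as an added example that is not Keycloak's code and not part of the original page: a simulated redirect_uri handler run once with the flawed check and once with atomic redemption. `StateStore`, `handle_callback` and `replay` are hypothetical names, and the outbound Token Request is represented by appending to a list rather than contacting any endpoint.

```python
import secrets
import threading


class StateStore:
    """Holds OAuth `state` values issued for pending broker logins."""

    def __init__(self):
        self._pending = set()
        self._lock = threading.Lock()

    def issue(self):
        state = secrets.token_urlsafe(16)
        with self._lock:
            self._pending.add(state)
        return state

    def is_known(self, state):
        # Flawed check: confirms the state exists but never consumes it.
        with self._lock:
            return state in self._pending

    def redeem_once(self, state):
        # Hardened check: test and remove under one lock, so a replayed
        # or concurrent callback with the same state finds nothing.
        with self._lock:
            if state in self._pending:
                self._pending.discard(state)
                return True
            return False


def handle_callback(store, state, token_requests, single_use):
    """Simulated redirect_uri handler; appends one entry per outbound
    Token Request instead of contacting a real Token Endpoint."""
    ok = store.redeem_once(state) if single_use else store.is_known(state)
    if ok:
        token_requests.append(state)
    return ok


def replay(single_use, attempts=5):
    """Send the same valid state `attempts` times; return how many
    outbound Token Requests the handler would have made."""
    store, sent = StateStore(), []
    state = store.issue()
    for _ in range(attempts):
        handle_callback(store, state, sent, single_use)
    return len(sent)
```

With the flawed check every replay produces an outbound request; with atomic redemption only the first callback does, including when callbacks arrive concurrently.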