Concrete CMS is vulnerable to insecure sessions management. The vulnerability exists in the `attemptAuthentication` function in `GenericOauthTypeController.php` where it does not issue a new session ID upon successful `OAuth` authentication.Read More