[Owncloud] Session hijacking vulnerability caused by time based token-generation.

Marc Muehlfeld Marc.Muehlfeld at medizinische-genetik.de
Wed Dec 14 09:43:44 UTC 2011


maybe it's better to send the details of vulnerables only to the team members 
and not to the list. If to detailed information are public it increases the 
risk of attacks until a fix is available.

Maybe the team can provide a separate email address for security on the 
homepage until a bugtracker exists which allows to mark bugs as 


More information about the Owncloud mailing list