[Owncloud] Session hijacking vulnerability caused by time based token-generation.
Marc.Muehlfeld at medizinische-genetik.de
Wed Dec 14 09:43:44 UTC 2011
maybe it's better to send the details of vulnerables only to the team members
and not to the list. If to detailed information are public it increases the
risk of attacks until a fix is available.
Maybe the team can provide a separate email address for security on the
homepage until a bugtracker exists which allows to mark bugs as
More information about the Owncloud