[Owncloud] Session hijacking vulnerability caused by time based token-generation.

[Marc Muehlfeld]

Hi,

maybe it's better to send the details of vulnerables only to the team members 
and not to the list. If to detailed information are public it increases the 
risk of attacks until a fix is available.

Maybe the team can provide a separate email address for security on the 
homepage until a bugtracker exists which allows to mark bugs as 
not-public-visible.

Regards,
Marc