Public joola.io bug reports.

Team Bounty Title
joola.io - Timing Attack Side-Channel on API Token Verification
joola.io - Weak Random Number Generator for Auth Tokens
joola.io - X-Content-Type-Options header missing
joola.io - Login password guessing attack
joola.io - SSH Port Wide Open
joola.io - HTTP Strict Transport Security (HSTS) Policy Not Enabled