Security related issues

There are 3 issues related to security we found in CQ5. Is there a way we can resolve these issues or these are already known issues in CQ5.

1. Session is not getting timed out after 30 mins of inactivity on Author and Publisher journey.Session is not getting timed out after 30 mins of inactivity on Author and Publisher journey.
2. Account is not getting locked after certain number of invalid attempts on Author and Publisher journey.
3. A misuser can get access to Author journey by hijacking his session using (present or previous) login-token.

Please suggest a solution for these.