Sistason

**Name of the Vulnerable Software and Affected Versions** OpenSlides versions prior to 4.2.29 **Description** OpenSlides is a web-based presentation and assembly system. Prior to version 4.2.29, a flaw exists in access control for users synchronized via an external IDP, allowing local logins with a trivial password. Specifically, users can log in using the OpenSlides username of a SAML user and any simple password, as the password is valid for all SAML users. This allows unauthorized access to accounts synced through SAML. The vulnerable component involves the local login form and SAML user authentication. **Recommendations** Update to version 4.2.29 or later.