CVE-2021-43834

Name of the Vulnerable Software and Affected Versions: eLabFTW versions prior to 4.2.0

Description: The issue allows an attacker to authenticate as an existing user if that user was created using a single sign-on authentication option such as LDAP or SAML. It impacts instances where LDAP or SAML is used for authentication instead of the local password mechanism.

Recommendations: For versions prior to 4.2.0, upgrade to at least version 4.2.0 to resolve the issue. As a temporary workaround, consider restricting the use of single sign-on authentication options until the upgrade is applied.