CVE-2024-34887: n/a
CVE-2024-34887 is a vulnerability in 1C-Bitrix Bitrix24 that involves insufficient protection of credentials in Active Directory (AD) and LDAP server settings. Remote administrators with elevated privileges can exploit this flaw to exfiltrate AD/LDAP administrator account passwords by sending them via HTTP POST requests to arbitrary servers. The vulnerability does not require user interaction but does require high-level privileges (remote administrator access). It impacts confidentiality severely but does not affect integrity or availability. The vulnerability has a CVSS score of 6. 8 (medium severity) and is related to CWE-522 (Insufficiently Protected Credentials). No known exploits are currently reported in the wild. Organizations using Bitrix24 with integrated AD/LDAP authentication are at risk, especially those with remote admin access enabled. Mitigation involves securing credential storage, restricting remote admin access, and monitoring network traffic for suspicious HTTP POST requests. Countries with significant Bitrix24 usage and strategic interest in targeted AD/LDAP infrastructure are most at risk.
AI Analysis
Technical Summary
CVE-2024-34887 is a security vulnerability identified in the 1C-Bitrix Bitrix24 platform, specifically affecting the handling of credentials within Active Directory (AD) and Lightweight Directory Access Protocol (LDAP) server settings. The vulnerability arises from insufficient protection of these credentials, allowing remote administrators who have elevated privileges within the Bitrix24 environment to exfiltrate AD/LDAP administrator passwords. This exfiltration is achieved by sending the credentials via HTTP POST requests to arbitrary external servers controlled by the attacker. The flaw does not require any user interaction but does require that the attacker already has remote administrative access, which implies a prerequisite level of trust or compromise. The vulnerability is classified under CWE-522, indicating that sensitive information is not adequately protected, leading to potential credential leakage. The CVSS v3.1 base score is 6.8, reflecting a medium severity level, with a vector indicating network attack vector (AV:N), low attack complexity (AC:L), high privileges required (PR:H), no user interaction (UI:N), and a scope change (S:C). The impact is primarily on confidentiality, as the attacker can obtain sensitive AD/LDAP credentials, but it does not directly affect integrity or availability of the system. No public exploits have been reported yet, but the vulnerability poses a significant risk to organizations relying on Bitrix24 for AD/LDAP integration, especially in environments where remote administrative access is enabled and not tightly controlled.
Potential Impact
The primary impact of CVE-2024-34887 is the compromise of confidentiality of AD/LDAP administrator credentials within organizations using Bitrix24. If exploited, attackers can gain access to highly privileged accounts that control directory services, potentially enabling further lateral movement, privilege escalation, and unauthorized access to critical enterprise resources. Although the vulnerability does not directly affect system integrity or availability, the exposure of administrator credentials can lead to severe downstream consequences, including data breaches, unauthorized modifications, and disruption of authentication services. Organizations with remote administrative access enabled are particularly vulnerable, as attackers can remotely exfiltrate credentials without user interaction. This risk is heightened in enterprises with complex AD/LDAP infrastructures integrated with Bitrix24, especially in sectors where directory services are critical for identity and access management. The absence of known exploits in the wild currently limits immediate widespread impact, but the medium severity rating and the nature of the credentials involved warrant prompt attention.
Mitigation Recommendations
To mitigate CVE-2024-34887, organizations should implement the following specific measures: 1) Immediately audit and restrict remote administrative access to Bitrix24, ensuring only trusted personnel have such privileges. 2) Review and enhance the protection of AD/LDAP credentials within Bitrix24 configurations, including encrypting stored credentials and using secure credential management solutions. 3) Monitor network traffic for unusual HTTP POST requests originating from Bitrix24 servers, particularly those sending data to unknown external endpoints. 4) Apply principle of least privilege to all administrative accounts and consider multi-factor authentication (MFA) for remote admin access to reduce risk of credential misuse. 5) Regularly update Bitrix24 to the latest versions once patches addressing this vulnerability are released, and subscribe to vendor advisories for timely updates. 6) Conduct penetration testing and security assessments focused on AD/LDAP integration points to identify and remediate similar credential exposure risks. 7) Implement network segmentation to isolate Bitrix24 servers from critical AD/LDAP infrastructure where feasible, limiting the blast radius of potential credential leaks.
Affected Countries
Russia, Ukraine, Belarus, Kazakhstan, Germany, United States, United Kingdom, France, India, Brazil
CVE-2024-34887: n/a
Description
CVE-2024-34887 is a vulnerability in 1C-Bitrix Bitrix24 that involves insufficient protection of credentials in Active Directory (AD) and LDAP server settings. Remote administrators with elevated privileges can exploit this flaw to exfiltrate AD/LDAP administrator account passwords by sending them via HTTP POST requests to arbitrary servers. The vulnerability does not require user interaction but does require high-level privileges (remote administrator access). It impacts confidentiality severely but does not affect integrity or availability. The vulnerability has a CVSS score of 6. 8 (medium severity) and is related to CWE-522 (Insufficiently Protected Credentials). No known exploits are currently reported in the wild. Organizations using Bitrix24 with integrated AD/LDAP authentication are at risk, especially those with remote admin access enabled. Mitigation involves securing credential storage, restricting remote admin access, and monitoring network traffic for suspicious HTTP POST requests. Countries with significant Bitrix24 usage and strategic interest in targeted AD/LDAP infrastructure are most at risk.
AI-Powered Analysis
Technical Analysis
CVE-2024-34887 is a security vulnerability identified in the 1C-Bitrix Bitrix24 platform, specifically affecting the handling of credentials within Active Directory (AD) and Lightweight Directory Access Protocol (LDAP) server settings. The vulnerability arises from insufficient protection of these credentials, allowing remote administrators who have elevated privileges within the Bitrix24 environment to exfiltrate AD/LDAP administrator passwords. This exfiltration is achieved by sending the credentials via HTTP POST requests to arbitrary external servers controlled by the attacker. The flaw does not require any user interaction but does require that the attacker already has remote administrative access, which implies a prerequisite level of trust or compromise. The vulnerability is classified under CWE-522, indicating that sensitive information is not adequately protected, leading to potential credential leakage. The CVSS v3.1 base score is 6.8, reflecting a medium severity level, with a vector indicating network attack vector (AV:N), low attack complexity (AC:L), high privileges required (PR:H), no user interaction (UI:N), and a scope change (S:C). The impact is primarily on confidentiality, as the attacker can obtain sensitive AD/LDAP credentials, but it does not directly affect integrity or availability of the system. No public exploits have been reported yet, but the vulnerability poses a significant risk to organizations relying on Bitrix24 for AD/LDAP integration, especially in environments where remote administrative access is enabled and not tightly controlled.
Potential Impact
The primary impact of CVE-2024-34887 is the compromise of confidentiality of AD/LDAP administrator credentials within organizations using Bitrix24. If exploited, attackers can gain access to highly privileged accounts that control directory services, potentially enabling further lateral movement, privilege escalation, and unauthorized access to critical enterprise resources. Although the vulnerability does not directly affect system integrity or availability, the exposure of administrator credentials can lead to severe downstream consequences, including data breaches, unauthorized modifications, and disruption of authentication services. Organizations with remote administrative access enabled are particularly vulnerable, as attackers can remotely exfiltrate credentials without user interaction. This risk is heightened in enterprises with complex AD/LDAP infrastructures integrated with Bitrix24, especially in sectors where directory services are critical for identity and access management. The absence of known exploits in the wild currently limits immediate widespread impact, but the medium severity rating and the nature of the credentials involved warrant prompt attention.
Mitigation Recommendations
To mitigate CVE-2024-34887, organizations should implement the following specific measures: 1) Immediately audit and restrict remote administrative access to Bitrix24, ensuring only trusted personnel have such privileges. 2) Review and enhance the protection of AD/LDAP credentials within Bitrix24 configurations, including encrypting stored credentials and using secure credential management solutions. 3) Monitor network traffic for unusual HTTP POST requests originating from Bitrix24 servers, particularly those sending data to unknown external endpoints. 4) Apply principle of least privilege to all administrative accounts and consider multi-factor authentication (MFA) for remote admin access to reduce risk of credential misuse. 5) Regularly update Bitrix24 to the latest versions once patches addressing this vulnerability are released, and subscribe to vendor advisories for timely updates. 6) Conduct penetration testing and security assessments focused on AD/LDAP integration points to identify and remediate similar credential exposure risks. 7) Implement network segmentation to isolate Bitrix24 servers from critical AD/LDAP infrastructure where feasible, limiting the blast radius of potential credential leaks.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mitre
- Date Reserved
- 2024-05-09T00:00:00.000Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 699f6c54b7ef31ef0b5630a9
Added to database: 2/25/2026, 9:40:36 PM
Last enriched: 2/26/2026, 4:50:03 AM
Last updated: 2/26/2026, 8:03:38 AM
Views: 1
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2026-25191: Uncontrolled Search Path Element in Digital Arts Inc. FinalCode Ver.5 series
HighCVE-2026-23703: Incorrect default permissions in Digital Arts Inc. FinalCode Ver.5 series
HighCVE-2026-1311: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in bearsthemes Worry Proof Backup
HighFinding Signal in the Noise: Lessons Learned Running a Honeypot with AI Assistance [Guest Diary], (Tue, Feb 24th)
MediumCVE-2026-2506: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in motahar1 EM Cost Calculator
MediumActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.