CVE-2024-34891 is a security vulnerability identified in the 1C-Bitrix Bitrix24 platform, specifically version 23.300.100. The issue arises from insufficient protection of credentials stored within the DAV (Distributed Authoring and Versioning) server settings. This vulnerability allows remote administrators to extract Exchange account passwords by sending crafted HTTP GET requests to the affected server. The root cause is linked to CWE-312, which involves the storage or transmission of sensitive information in an insecure manner, leading to credential exposure. The attack vector is network-based (AV:N), requiring low attack complexity (AC:L) but does require privileges of an administrator (PR:H). No user interaction is necessary (UI:N), and the vulnerability impacts confidentiality with a high degree (C:H), while integrity and availability remain unaffected. The vulnerability has a CVSS v3.1 base score of 6.8, categorized as medium severity. Although no public exploits have been reported, the potential for credential theft could enable further unauthorized access or lateral movement within affected environments. The vulnerability is particularly critical in environments where Bitrix24 integrates with Microsoft Exchange for mail services, as compromised Exchange credentials could lead to significant data breaches or espionage. The lack of available patches at the time of publication necessitates immediate attention to configuration and access controls to mitigate risk.

The primary impact of CVE-2024-34891 is the compromise of Exchange account passwords, which directly threatens the confidentiality of sensitive email communications and related data. Attackers with remote administrator access can leverage this vulnerability to harvest credentials, potentially enabling unauthorized access to email accounts, internal communications, and other integrated services. This could lead to data leakage, espionage, or further compromise of enterprise networks through lateral movement. Since integrity and availability are not affected, the immediate risk is data exposure rather than service disruption or data manipulation. However, stolen credentials can facilitate more severe attacks, including phishing, impersonation, and privilege escalation. Organizations relying heavily on Bitrix24 for collaboration and Exchange for email services face increased risk, especially if administrative access is not tightly controlled or monitored. The absence of known exploits in the wild reduces immediate threat but does not eliminate the risk of targeted attacks or future exploit development.

To mitigate CVE-2024-34891, organizations should first verify if their Bitrix24 installations are running the affected version (23.300.100) or earlier versions with similar vulnerabilities. Since no official patches are currently available, administrators should restrict remote administrative access to trusted networks and IP addresses using network segmentation and firewall rules. Enforce strong authentication mechanisms, including multi-factor authentication (MFA), for all administrative accounts to reduce the risk of credential compromise. Review and harden DAV server settings to ensure credentials are not exposed via HTTP requests; consider disabling DAV integration if not required. Monitor network traffic for unusual HTTP GET requests targeting DAV endpoints and implement intrusion detection/prevention systems (IDS/IPS) to alert on suspicious activity. Regularly audit and rotate Exchange account passwords and review access logs for signs of unauthorized access. Stay updated with vendor advisories for patches or security updates addressing this vulnerability. Additionally, conduct security awareness training for administrators on secure configuration and credential management best practices.