CVE-2024-34887

Name of the Vulnerable Software and Affected Versions 1C-Bitrix Bitrix24 version 23.300.100

Description The issue is related to insufficiently protected credentials in AD/LDAP server settings, allowing remote administrators to send AD/LDAP administrators' account passwords to an arbitrary server via HTTP POST request. This can enable a remote attacker to gain access to domain controller (AD) credentials.

Recommendations For version 23.300.100, consider restricting access to the AD/LDAP server settings to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the vulnerable AD/LDAP configuration in the affected Bitrix24 version.