CVE-2024-34887: 
Homebrew vulnerability analysis and mitigation

CVE-2024-34887 is a security vulnerability discovered in 1C-Bitrix Bitrix24 version 23.300.100, specifically affecting the AD/LDAP server settings functionality. The vulnerability was disclosed on May 9, 2024, and allows remote administrators to send AD/LDAP administrator account passwords to an arbitrary server via HTTP POST request (MITRE CVE, NVD).

The vulnerability stems from insufficiently protected credentials in the AD/LDAP server settings. When an administrator uses the "Check Connection" button in the AD/LDAP module settings, they can enter an attacker-controlled IP address in the server parameters. This results in the AD domain administrator password being transmitted in clear text via an HTTP POST request (BitrixVulns). The vulnerability has been assigned a CVSS v3.1 base score of 4.9 (Medium) by NVD with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N, while CISA-ADP assessed it at 6.8 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N (NVD).

The vulnerability allows attackers with administrative access to capture AD/LDAP administrator credentials in clear text. This exposure of sensitive authentication credentials could potentially lead to unauthorized access to the organization's Active Directory infrastructure (BitrixVulns).

Currently, there is no official fix available for this vulnerability. The recommended mitigation strategies include implementing the principle of least privilege for credentials and differentiating access rights based on role models (BitrixVulns).