CVE-2024-34891

6.8 MEDIUM

📋 TL;DR

This vulnerability allows remote administrators to read Exchange account passwords stored in DAV server settings via HTTP GET requests. It affects Bitrix24 installations running version 23.300.100. The issue stems from insufficient credential protection in the web interface.

💻 Affected Systems

Products:
  • 1C-Bitrix Bitrix24
Versions: 23.300.100
Operating Systems: All platforms running Bitrix24
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects installations with DAV server configured for Exchange integration. Remote administrator access required.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Administrators with malicious intent could steal Exchange account credentials, leading to email account compromise, data exfiltration, and lateral movement into connected systems.

🟠

Likely Case

Privileged users could access sensitive Exchange passwords, potentially enabling unauthorized email access and credential reuse attacks.

🟢

If Mitigated

With proper access controls and monitoring, impact is limited to authorized administrators who should already have legitimate access to some system functions.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires administrator credentials. GitHub repository contains proof-of-concept details.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Later than 23.300.100

Vendor Advisory: http://bitrix24.com

Restart Required: No

Instructions:

1. Log into Bitrix24 admin panel
2. Check for available updates
3. Apply latest security patch
4. Verify DAV server settings no longer expose credentials

🔧 Temporary Workarounds

Disable DAV Server

Platforms: all

Temporarily disable DAV server functionality if Exchange integration is not required

Restrict Admin Access

Platforms: all

Limit administrator accounts to only trusted personnel and implement multi-factor authentication

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Bitrix24 from Exchange servers
  • Rotate all Exchange account passwords and monitor for unauthorized access

🔍 How to Verify

Check if Vulnerable:

Confirm the installation runs version 23.300.100, then check whether the DAV server settings endpoints return the stored Exchange credentials in response to an HTTP GET request from an administrator session

Check Version:

Check Bitrix24 admin panel → Settings → About

Verify Fix Applied:

Verify that the version is later than 23.300.100 and that the same DAV server settings endpoints no longer return credentials

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP GET requests to DAV server endpoints
  • Multiple failed authentication attempts followed by successful admin login

Network Indicators:

  • HTTP traffic patterns matching known exploit paths
  • Unexpected outbound connections to Exchange servers

SIEM Query:

source="bitrix24" AND (uri_path="/bitrix/admin/*dav*" OR uri_path="/bitrix/services/*dav*") AND status=200 AND response_size>1000
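The log indicators and SIEM query above can also be checked offline against exported web-server logs. The script below is an added example, not part of this page or of the Bitrix24 product: it applies the same filter as the SIEM query (a GET to a DAV-related path under /bitrix/admin/ or /bitrix/services/, HTTP 200, response larger than 1000 bytes) to access-log lines in the common "combined" format, and adds a version comparison against the affected build. The log format, the sample lines and the file name `dav_settings_example.php` are constructed for illustration and are not real Bitrix24 paths.

```python
import re

# Assumption: Bitrix24 sits behind Apache/nginx writing "combined"-format access logs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Mirrors the SIEM query: uri_path="/bitrix/admin/*dav*" OR "/bitrix/services/*dav*".
# Only the path (not the query string) is inspected.
DAV_PATH_RE = re.compile(r'^/bitrix/(admin|services)/[^?]*dav', re.IGNORECASE)

# The only version the advisory lists as affected; fixed builds are "later than" it.
AFFECTED_VERSION = (23, 300, 100)

# Constructed sample log lines (placeholder addresses and paths, not real traffic).
SAMPLE_LOG = """\
203.0.113.10 - - [12/May/2024:10:01:02 +0000] "GET /bitrix/admin/dav_settings_example.php?lang=en HTTP/1.1" 200 4821 "-" "Mozilla/5.0"
203.0.113.10 - - [12/May/2024:10:01:05 +0000] "GET /bitrix/admin/index.php HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
198.51.100.7 - - [12/May/2024:10:02:11 +0000] "GET /bitrix/services/dav/index.php HTTP/1.1" 302 120 "-" "curl/8.0"
198.51.100.7 - - [12/May/2024:10:02:12 +0000] "POST /bitrix/admin/dav_settings_example.php HTTP/1.1" 200 2200 "-" "curl/8.0"
198.51.100.7 - - [12/May/2024:10:02:14 +0000] "GET /bitrix/services/dav/index.php HTTP/1.1" 200 512 "-" "curl/8.0"
"""


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    entry["size"] = 0 if entry["size"] == "-" else int(entry["size"])
    return entry


def is_suspicious(entry, min_size=1000):
    """Apply the four SIEM conditions: GET, DAV-related path, HTTP 200, large response."""
    return (
        entry["method"] == "GET"
        and DAV_PATH_RE.match(entry["path"]) is not None
        and entry["status"] == 200
        and entry["size"] > min_size
    )


def find_suspicious(lines, min_size=1000):
    """Return the parsed entries that match the detection logic, in log order."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry is not None and is_suspicious(entry, min_size):
            hits.append(entry)
    return hits


def _version_tuple(version):
    return tuple(int(p) for p in version.strip().split("."))


def is_affected_version(version):
    """True only for the build the advisory names as affected (23.300.100)."""
    return _version_tuple(version) == AFFECTED_VERSION


def is_fixed_version(version):
    """True when the installed build is later than 23.300.100, as the advisory requires."""
    return _version_tuple(version) > AFFECTED_VERSION


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG.splitlines()):
        print(f"{hit['ts']} {hit['ip']} GET {hit['path']} -> {hit['size']} bytes")
    print("fixed:", is_fixed_version("23.300.100"))
```

Only the first sample line survives the filter: the second has no DAV path, the third is a redirect, the fourth is a POST, and the fifth is too small to be a settings page carrying credentials. Tune `min_size` to the size of a normal DAV settings page in your own deployment rather than keeping the 1000-byte threshold from the query verbatim.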
