CYBERCRIMINALS are exploiting the ArcGIS Account Recovery configurations to breach customer environments, according to Esri. As organizations implement multi-factor authentication (MFA), attackers have shifted focus to exploiting weaker account recovery mechanisms. The attack targets the password reset workflow by taking advantage of weak security questions and usernames.
To mitigate risks, administrators must disable weak built-in accounts, avoid common usernames for recovery, and enhance email validation by implementing SMTP. A security patch will be released soon to further secure the recovery process, emphasizing the need for centralized identity management.