BUG-000114489 : SSRF in Portal for ArcGIS Leaking NTLMv2 Hashes

This was found and responsibly disclosed to the ArcGIS team last year. Issue was given BUG id 000114489 and patch has been released.

TL;DR

The attacking point can be captured from ArcGis Portal that located at /home/webmap/viewer.html