Quote:
Originally Posted by jcsike
through your username/password, you mean. you couldnt call up your clients, one at a time and ask them to change the pw and upgrade their security?
|
Those who we had an indication had a problem were notified. And we changed all passwords.
It is my belief that someone is accessing the server that NATS is on and retrieving the admin password directly from the server. Then using that password in whatever script they have to login as it is less obvious than them accessing your box directly on a regular basis.
We are however changing our policy to no longer keep any NATS admin passwords as we have done with SSH info in the past to be sure it is not something on our end.