All parts of the overall NetWare system are objects. Each object in the security model has an Access Control List, or ACL. Objects are clustered together in an overall hierarchy. There are a total of five different levels of access that can be logically defined from the security model - not logged in, logged in, supervisory access, administrative access, and console access.
NetWare server(<=4.X) by design itself does not offer much in the way of protection as there is no means of auditing events done at the console. This is a physical security concern.
There is a security concern as the supervisor account password is the same as the first password for the Admin user until it is changed using a bindery administration utility.
Similar concerns in Novell are exploited by vigilant attackers .
Novell Password cracking tools can provide the attackers with room for further actions.