CVE-2001-0645 in NetProwler

Summary

by MITRE

Symantec/AXENT NetProwler 3.5.x contains several default passwords, which could allow remote attackers to (1) access the management tier via the "admin" password, or (2) connect to a MySQL ODBC from the management tier using a blank password.


Analysis

by VulDB Data Team • 10/05/2025

CVE-2001-0645 affects Symantec/AXENT NetProwler 3.5.x, a network security monitoring product, and is a critical authentication flaw that exposes its management interfaces to unauthorized access. The issue stems from default credentials shipped in the software configuration: the "admin" password for management tier access and a blank password for MySQL ODBC connections. It was particularly concerning because NetProwler was widely deployed in enterprise environments where network monitoring and security assessment were central to organizational defense. Hardcoded default credentials create a persistent risk that any attacker with network access to the affected system can exploit.

Technically, the vulnerability is a default configuration in which administrative credentials are neither secured nor randomized during installation. A newly deployed NetProwler management tier initializes with predictable authentication credentials that attackers can readily discover through documentation, public databases, or simple enumeration. The MySQL ODBC connection component specifically uses a blank password, a fundamental misconfiguration of the database connectivity layer: because the connection from the management tier requires no authentication, it allows unauthorized database access and potential data exfiltration. The vulnerability maps to CWE-798 (use of hard-coded credentials) and CWE-312 (exposure of sensitive data through cleartext storage or transmission).

The operational impact goes beyond unauthorized access to potential full system compromise and data breaches. An attacker who uses these default credentials gains administrative control over the NetProwler management interface and can modify monitoring rules, disable security features, or manipulate security event data to cover their tracks. The blank-password MySQL ODBC connection adds further attack surface: database contents, potentially including sensitive network information, security event logs, or configuration data, become accessible. The vulnerability aligns with ATT&CK technique T1078.004, which describes legitimate credentials usage, and T1566, which covers credential harvesting through default credentials. The impact is most severe where NetProwler is used for security monitoring, because an attacker could hide malicious activity from detection while keeping persistent access to the monitoring infrastructure.

Mitigating CVE-2001-0645 requires immediate action on the hardcoded default credentials. Organizations should change the passwords of all default administrative accounts at once, using complex, unique values that are not reused across systems. The blank MySQL ODBC password must be replaced by proper authentication so that database connections require valid credentials. Administrators should inventory all NetProwler 3.5.x deployments and remediate each one. The vulnerability also underlines the need for configuration management and security hardening during deployment: network segmentation should limit access to management interfaces, and unauthorized access attempts to these systems should be monitored. Regular security audits should verify that default credentials have been changed and that authentication mechanisms work as intended. Remediation should include updating to newer versions of the software where possible, as Symantec likely addressed these issues in subsequent releases through improved credential management and default configuration practices.
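The two checks the analysis calls for, a blank MySQL ODBC password and an administrative account still set to a known default, can be turned into a repeatable configuration audit. The script below is an added example written for this page; it is not VulDB's, MITRE's or Symantec's code, and it does not know NetProwler's real file layout. It assumes an odbc.ini-style DSN file (the section names, the "root" user and the driver string are constructed placeholders) and an exported list of management-tier accounts as (name, unsalted SHA-256 of password) pairs, which is an assumption made only so the sample is self-contained. It flags any DSN whose password is blank or a known default, and any account whose stored hash matches a default password, without ever connecting to the database.

```python
"""Audit ODBC DSNs and management-tier accounts for blank or default passwords.

Added example for CVE-2001-0645; not the vendor's or VulDB's code. The
odbc.ini layout, DSN names, the 'root' user and the account export format
are assumptions, not NetProwler's actual configuration.
"""
import configparser
import hashlib

# Constructed odbc.ini-style text. 'NetProwlerDB' and 'ReportsDB' are
# placeholder DSN names; only the blank 'Password =' line is the point.
SAMPLE_ODBC_INI = """\
[NetProwlerDB]
Driver = MySQL ODBC 3.51 Driver
Server = 127.0.0.1
Database = netprowler
User = root
Password =

[ReportsDB]
Driver = MySQL ODBC 3.51 Driver
Server = 127.0.0.1
Database = reports
User = reports
Password = long-random-value-set-at-install
"""

# Default passwords the advisory names ("admin") plus the blank-password case.
DEFAULT_PASSWORDS = {"admin", ""}


def sha256(text):
    """Unsalted SHA-256 hex digest; assumed export format for the sample only."""
    return hashlib.sha256(text.encode()).hexdigest()


# Constructed account export: (account name, unsalted SHA-256 of password).
SAMPLE_ACCOUNTS = [
    ("admin", sha256("admin")),          # still on the shipped default
    ("operator", sha256("Sz7-qnd-Wp1")),  # changed after install
]


def audit_odbc_dsns(ini_text):
    """Return one finding per DSN whose password is blank or a known default."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(ini_text)
    findings = []
    for dsn in cfg.sections():
        # configparser lower-cases option names, so 'Password' is read as 'password'.
        user = cfg.get(dsn, "user", fallback="")
        password = cfg.get(dsn, "password", fallback="")
        if password.strip() == "":
            findings.append({"dsn": dsn, "user": user, "issue": "blank password"})
        elif password in DEFAULT_PASSWORDS:
            findings.append({"dsn": dsn, "user": user, "issue": "default password"})
    return findings


def audit_accounts(accounts, default_passwords=DEFAULT_PASSWORDS):
    """Flag accounts whose stored hash equals the hash of a known default password."""
    default_hashes = {sha256(p): p for p in default_passwords}
    return [
        {"account": name, "issue": f"default password {default_hashes[digest]!r}"}
        for name, digest in accounts
        if digest in default_hashes
    ]


def run_audit(ini_text=SAMPLE_ODBC_INI, accounts=SAMPLE_ACCOUNTS):
    """Run both checks and return the combined list of findings."""
    findings = audit_odbc_dsns(ini_text) + audit_accounts(accounts)
    for finding in findings:
        print(finding)
    return findings


if __name__ == "__main__":
    run_audit()
```

Run against the constructed sample, the audit reports the NetProwlerDB DSN for its blank password and the admin account for still using the default; the ReportsDB DSN and the operator account pass. Pointing `run_audit` at a real DSN file and a real account export turns the "verify that default credentials have been changed" step into a check that can be scheduled, and extending `DEFAULT_PASSWORDS` covers any other defaults documented for a deployment.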

Disclosure: 09/20/2001

Moderation: accepted

Entry: VDB-17382

CPE: ready

EPSS: 0.03370

KEV: no

Activities: very low
