Security researchers from Cisco Talos have revealed that Alpine Linux Docker images distributed via the official Docker Hub portal have shipped without any password set for the root account.
What is the impact?
This vulnerability (CVE-2019-5021) has been found in v3.3 and impacts all Glider Labs Alpine Linux Docker images as well as the official images.
Moreover, servers and workstations that have been provisioned or installed from Alpine Linux Docker images could be compromised by attackers, who can authenticate as the root user with a NULL password.
Web-facing systems are also impacted by the vulnerability.
More details on the vulnerability
This security flaw was first discovered in August 2015 and patched in November; however, it was accidentally re-opened three weeks later, in December 2015.
The flaw was rediscovered by a Cisco Umbrella researcher in January 2019.
Researchers noted that existing systems should be modified to either set a custom password for the root account or disable the root account. Additionally, companies and users who have older Alpine Linux Docker images integrated inside install scripts/routines should modify the Docker image to disable the root account or should update to a newer Alpine Linux Docker image.
“The likelihood of exploitation of this vulnerability is environment-dependent, as successful exploitation requires that an exposed service or application utilize Linux PAM, or some other mechanism which uses the system shadow file as an authentication database,” Cisco Talos said.
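One way to carry out the check and the root-account fix the researchers recommend, as an added example that is not code from Cisco Talos or the Alpine project: it lists accounts whose shadow password field is empty and locks root by writing `!` into that field. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a shadow(5)-format file for empty password fields
# and lock root if its field is empty. Function names are hypothetical.

# Print every account whose password field (2nd field) is empty. An empty
# field lets shadow-backed authentication accept the account with no password.
empty_password_accounts() {
    awk -F: 'NF >= 2 && $1 != "" && $2 == "" { print $1 }' "$1"
}

# Lock root by writing "!" into an empty password field. "!" is not a valid
# crypt(3) result, so no password matches it. Other lines are left unchanged.
lock_empty_root() {
    tmp=$(mktemp) || return 1
    if awk -F: 'BEGIN { OFS = ":" }
                NF >= 2 && $1 == "root" && $2 == "" { $2 = "!" }
                { print }' "$1" > "$tmp"; then
        cat "$tmp" > "$1"    # overwrite in place, keeping mode and owner
    fi
    rm -f "$tmp"
}

# Constructed sample in the shadow(5) layout, not copied from a real image.
make_sample_shadow() {
    cat > "$1" <<'EOF'
root:::0:::::
bin:!::0:::::
daemon:!::0:::::
nobody:!::0:::::
EOF
}

# Demo on the constructed sample: audit, lock root, audit again.
demo=$(mktemp)
make_sample_shadow "$demo"
echo "empty password before: $(empty_password_accounts "$demo")"
lock_empty_root "$demo"
echo "empty password after:  $(empty_password_accounts "$demo")"
rm -f "$demo"
```

On a real image, the same functions can be pointed at `/etc/shadow` from inside the container or from an image build step run as root.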