Go to listing page

Nearly 20% of top 1000 most popular Docker containers found using NULL password

Nearly 20% of top 1000 most popular Docker containers found using NULL password
  • Researcher Jerry Gamblin found 194 Docker images for which root accounts were set up with blank passwords.
  • This can expose users' systems to attacks under certain conditions.

According to a recent study, around 20% of the top 1000 most popular Docker containers on Docker Hub were found to be impacted by root account misconfigurations. This flaw can expose users' systems to attacks under certain conditions.

Whats the matter?

Jerry Gamblin, the principal security engineer at Kenna Security, studied the root account misconfiguration problem in depth across the entire Docker Hub package repository. During the investigation, Gamblin found that many of the popular containers used a blank (NULL) password for root account.

Which images are affected?

In a conversation with ZDNet, Gamblin said that he found 194 popular Docker images for which root accounts were set up with blank passwords. Some of the famous names in the researcher's list include containers from Microsoft, Monsanto, HashiCorp, Mesosphere, and the UK government.

"kylemanna/openvpn is the most popular container on the list and it has over 10,000,000 pulls," Gamblin wrote in a blog post.

Worth noting

This flaw is similar to the one that impacted the official Alpine Linux Docker container, reported by Cisco Talos on May 8, 2019.

“These findings could lead to configuration-based vulnerabilities in certain situations, as was the case with this the Alpine Linux vulnerability. (Alpine Linux, in its response, noted that before the patch, containers were only vulnerable if the shadow and linux-pam packages were installed),” Gamblin noted.

Based on these findings, it is advisable for all developers using these Docker images to change their root password to avoid the security risk.

Cyware Publisher

Publisher

Cyware