19.4% of the top 1000 Docker containers contain an empty root password

Jerry Gamblin decided to find out how widespread the recently identified problem in Docker images of the Alpine distribution is, in which an empty password is set for the root user. An analysis of the 1000 most popular containers from the Docker Hub catalog showed that in 194 of them (19.4%) root has an empty password without the account being locked ("root:::0:::::" instead of "root:!::0:::::").

If the shadow and linux-pam packages are used in the container, an empty root password allows privileges to be elevated inside the container by anyone who has unprivileged access to the container, or after a vulnerability is exploited in an unprivileged service running in the container. It is also possible to connect to the container as root given access to the infrastructure, i.e. the ability to connect via a terminal to a TTY listed in /etc/securetty. Login with an empty password is blocked over SSH.
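The check below is an added example, not code from the original article or from Jerry Gamblin's analysis: it reads shadow-format text, reports accounts whose password field is empty, and rewrites an empty root entry to the locked form quoted above. The function names and sample entries are constructed for illustration, and IMAGE in the comment is a placeholder.

```shell
#!/bin/sh
# Audit shadow-format text (stdin) for accounts with an empty password field.
# Field 2 of /etc/shadow is the password hash; "" means no password is
# required, while "!" or "*" means the account cannot log in by password.
empty_pw_accounts() {
    awk -F: '$1 != "" && NF >= 2 && $2 == "" { print $1 }'
}

# Exit status 0 if root has an empty password in the shadow text on stdin.
root_pw_is_empty() {
    empty_pw_accounts | grep -qx root
}

# Mitigation as a filter: turn "root::..." into the locked "root:!:..." form.
# In a Dockerfile the same substitution would be applied to /etc/shadow.
lock_root() {
    sed 's/^root::/root:!:/'
}

# Constructed sample inputs (not taken from any real image).
SAMPLE_VULN='root:::0:::::
bin:!::0:::::
daemon:*::0:::::'

SAMPLE_LOCKED='root:!::0:::::
bin:!::0:::::
daemon:*::0:::::'

# Against a real image (needs docker and a cat binary in the image):
#   docker run --rm --entrypoint cat IMAGE /etc/shadow | empty_pw_accounts

echo "accounts with empty password in vulnerable sample:"
printf '%s\n' "$SAMPLE_VULN" | empty_pw_accounts

echo "after lock_root:"
printf '%s\n' "$SAMPLE_VULN" | lock_root
```
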

The most popular containers with an empty root password are microsoft/azure-cli, kylemanna/openvpn, governmentpaas/s3-resource, phpmyadmin/phpmyadmin, mesosphere/aws-cli and hashicorp/terraform, with over 10 million downloads. Also worth noting are govuk/gemstash-alpine (500 thousand), monsantoco/logstash (5 million), avhost/docker-matrix-riot (1 million), azuresdk/azure-cli-python (5 million) and ciscocloud/haproxy-consul (1 million). Almost all of these containers are based on Alpine and do not use the shadow and linux-pam packages. The only exception is microsoft/azure-cli, which is based on Debian.

Source: opennet.ru
