19.4% of the top 1000 Docker containers contain an empty root password
Jerry Gamblin decided to find out how widespread the recently identified problem in the Alpine distribution's Docker images is, in which the root user is given an empty password. Analysis of the 1000 most popular containers from the Docker Hub catalog showed that in 194 of them (19.4%) root is set to an empty password without the account being locked ("root:::0:::::" instead of "root:!::0:::::").
When the shadow and linux-pam packages are used in the container, an empty root password allows privilege escalation inside the container if you have unprivileged access to it, or after exploiting a vulnerability in an unprivileged service running in the container. You can also connect to the container as root if you have access to the infrastructure, i.e. the ability to connect via a terminal to a TTY listed in /etc/securetty. Over SSH, login with an empty password is blocked.
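To check an image for this condition, the following added example (not part of the original article) classifies the password field of each entry in shadow-format text and reports the accounts whose field is empty. The function names and the two sample files are constructed for illustration.

```python
"""Audit shadow(5)-format text for accounts with an empty password field."""
import sys


def classify(pw_field):
    """Classify the second colon-separated field of a shadow entry."""
    if pw_field == "":
        return "empty"   # no password required: the "root:::0:::::" case
    if pw_field[0] in "!*":
        return "locked"  # cannot match any hash: the "root:!::0:::::" case
    return "hashed"      # anything else is treated as a crypt(3) hash


def audit_shadow(text):
    """Return {account: status} for every entry in shadow-format text."""
    result = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            # No password field at all; flag it instead of guessing.
            result[line] = "malformed"
            continue
        result[fields[0]] = classify(fields[1])
    return result


def empty_password_accounts(text):
    """Names of accounts that can authenticate with an empty password."""
    statuses = audit_shadow(text)
    return sorted(name for name, st in statuses.items() if st == "empty")


# Constructed samples: the affected layout and the corrected one.
VULNERABLE = "root:::0:::::\nbin:!::0:::::\ndaemon:!::0:::::\n"
FIXED = "root:!::0:::::\nbin:!::0:::::\ndaemon:!::0:::::\n"

if __name__ == "__main__":
    # With a file argument, audit that file (for instance /etc/shadow copied
    # out of an image); without one, audit the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            data = fh.read()
    else:
        data = VULNERABLE
    flagged = empty_password_accounts(data)
    for name in flagged:
        print(f"empty password: {name}")
    sys.exit(1 if flagged else 0)
```

The non-zero exit status when any account is flagged lets the script fail an image build or CI step.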