Official Docker Alpine Linux images since version 3.3 contain an empty superuser password. When using PAM or another authentication mechanism that uses the /etc/shadow file as the source, the system may allow the root user to login with a blank password. Update the base image version or modify the /etc/shadow file manually.
Vulnerability fixed in versions:
- edge (20190228 snapshot)
- v3.9.2
- v3.8.4
- v3.7.3
- v3.6.5
Source: linux.org.ru