Experts warned that the Alpine Linux Docker images, which had been distributed through the official Docker Hub for about three years, used an empty password (NULL) for the root account. The problem affected all versions of Alpine Linux since 3.3. It is worth noting that Alpine Linux is one of the most popular distributions on the Docker Hub, with more than 10,000,000 installations.
The vulnerability received the identifier CVE-2019-5021, and in this case it is interesting that it was not discovered for the first time. The problem was already paid attention in August 2015 and corrected in November. But only three weeks after the patch was released, in December 2015, the bug accidentally returned to the code, and was seen again only in January of this year by analysts. At first it was thought that the problem only affected the Glider Labs Alpine Linux image, but then it became clear that the official images had also suffered.
Because of a bug, attackers can compromise Alpine Linux Docker images using a root account without a password. Although the updated images of Alpine Linux have already been published on the Docker Hub, not everyone will care about the update, as is often the case. Therefore, experts strongly recommend that administrators at least disable the root account or set a custom password for it.