Experts warned that the Alpine Linux Docker images, which had been distributed through the official Docker Hub for about three years, used an empty password (NULL) for the root account. The problem affected all versions of Alpine Linux since 3.3. It is worth noting that Alpine Linux is one of the most popular distributions on the Docker Hub, with more than 10,000,000 installations.
The vulnerability received the identifier CVE-2019-5021, and what makes this case interesting is that this was not the first time it had been discovered. The problem had already been noticed in August 2015 and was corrected in November. But only three weeks after the patch was released, in December 2015, the bug was accidentally reintroduced into the code, and analysts spotted it again only in January of this year. At first it was thought that the problem affected only the Glider Labs Alpine Linux image, but it then became clear that the official images were affected as well.
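A check for the condition described above, as an added example that is not part of the original article or of the Alpine project's code. It assumes the image keeps account passwords in a standard shadow(5)-format file, where an empty second field means the account needs no password; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a shadow(5)-format file for passwordless accounts.

# Print "<user> <status>" per account: EMPTY, LOCKED, HASHED or MALFORMED.
classify_shadow() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }                     # skip comments, blank lines
        NF < 2         { print $1, "MALFORMED"; next }
        $2 == ""       { print $1, "EMPTY";  next }  # logs in with no password
        $2 ~ /^[!*]/   { print $1, "LOCKED"; next }  # no usable hash
                       { print $1, "HASHED" }
    ' "$1"
}

# Print only the accounts whose password field is empty.
empty_password_accounts() {
    classify_shadow "$1" | awk '$2 == "EMPTY" { print $1 }'
}

# Return 0 when root's password field is not empty, 1 when it is.
root_password_ok() {
    ! empty_password_accounts "$1" | grep -qx root
}

# Constructed sample data (not taken from any real image): one file with an
# empty root password field, one with the same account locked.
write_samples() {
    cat > "$1/shadow.empty" <<'EOF'
root:::0:::::
bin:!::0:::::
daemon:*::0:::::
app:$6$constructedsalt$constructedhash:18000:0:99999:7:::
EOF
    sed 's/^root::/root:!:/' "$1/shadow.empty" > "$1/shadow.locked"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in "$demo_dir/shadow.empty" "$demo_dir/shadow.locked"; do
    if root_password_ok "$f"; then echo "${f##*/}: root OK"
    else echo "${f##*/}: root has an EMPTY password"; fi
done
rm -rf "$demo_dir"
```

Point `root_password_ok` at a copy of `/etc/shadow` extracted from the image under review; a non-zero exit status makes it usable as a gate in an image build pipeline.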