Since December 2015, Alpine Linux Docker images have been shipped with hardcoded credentials, a NULL password for the root user. Security researchers from Cisco revealed that Alpine Linux Docker images distributed via the official Docker Hub portal since December 2015 have been using a NULL password for the root account, The NULL password for the root account was included in the Official Alpine Linux Docker images since v3.3. The bug received a CVSS score of 9.8, it affects Alpine Docker versions 3.3 to 3.9, including Alpine Docker Edge. “Versions of the Official Alpine Linux Docker images (since v3 .
Read full article on Security Affairs