SoylentNews

James Orme writes:

19.4 percent of the Docker store’s top 1000 containers have no root password, potentially exposing users’ systems to attacks under certain conditions.

Last week, a similar flaw was found impacting the official Alpine Linux Docker image, when Talos researchers discovered that all images since v3.3 were shipping with a root account with a null password. The vulnerability meant attackers who infiltrated systems via another entry point, or users with shell (remote) access, could elevate their privileges to root within the container.

Over the weekend, security expert Jerry Gamblin built a script that checked the top 1000 docker containers from the Docker store to determine if they were impacted by the same misconfiguration.

After tweaking the script to correct for duplicates, Gamblin found that 194 of the 1000 containers he analysed had blank passwords, including images from the UK government, HashiCorp, Microsoft, Monsanto and Mesosphere.

Source: https://techerati.com/news-hub/19-of-the-most-popular-docker-containers-have-no-root-password/ [techerati.com]

Original Submission