PT-2019-2542 · Alpine Linux+1

Peter Adkins · Published 2019-05-08 · Updated 2022-06-13 · CVE-2019-5021

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Alpine Linux Docker images versions 3.3 and later

Description

The vulnerability is related to a NULL password for the root user in the Official Alpine Linux Docker images. This issue may allow a remote attacker to achieve root access with a blank password, potentially affecting the confidentiality, integrity, and availability of protected information. Systems deployed using affected versions of the Alpine Linux container that utilize Linux PAM or other mechanisms which use the system shadow file as an authentication database may accept a NULL password for the root user.

Recommendations

For Alpine Linux Docker images version 3.3 and later, consider disabling the root user account or setting a strong password to prevent unauthorized access. As a temporary workaround, restrict access to the affected container to minimize the risk of exploitation. Update to a version of Alpine Linux Docker images that does not contain this vulnerability, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
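
A check for the condition described above, as an added example that is not part of the original advisory: it reports accounts whose password field in a shadow-format file is empty. The function names, the script layout and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag NULL (empty) password fields in a shadow-format file.

# Print the name of every account whose 2nd colon-separated field is empty.
# "!" or "*" there means the account is locked, so it is not reported.
empty_password_accounts() {
    awk -F: '
        $0 == "" || /^#/ { next }          # skip blank lines and comments
        NF >= 2 && $2 == "" { print $1 }   # empty field: no password required
    ' "$1"
}

# Return 0 if the root password field is non-empty, 1 if it is NULL.
root_password_is_set() {
    if empty_password_accounts "$1" | grep -qx 'root'; then
        return 1
    fi
    return 0
}

# Constructed sample entries (illustrative, not copied from a real image).
write_sample_shadow() {
    cat > "$1" <<'EOF'
root:::0:::::
bin:!::0:::::
daemon:*::0:::::
app:$6$constructedsalt$constructedhash:18000:0:99999:7:::
EOF
}

# Check one file; an unreadable file is an error, not a pass.
main() {
    target=$1
    [ -r "$target" ] || { echo "ERROR: cannot read $target" >&2; return 2; }
    if root_password_is_set "$target"; then
        echo "OK: root password field in $target is not empty"
    else
        echo "FINDING: root has a NULL password in $target" >&2
        return 1
    fi
}

# Run only when a path is given, e.g.: sh check.sh /etc/shadow
if [ $# -gt 0 ]; then main "$1"; fi
```

Run it inside the container, or against the `etc/shadow` file extracted from an image layer, and treat a non-zero exit status as a failed check.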

Exploit

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

BDU:2019-02387
CVE-2019-5021
OPENSUSE-SU-2019:1495-1
OPENSUSE-SU-2019_1495-1
SUSE-SU-2019:1368-1
SUSE-SU-2019:1368-2
SUSE-SU-2019_1368-1
SUSE-SU-2019_1368-2
SUSE-SU-2021:4011-1
SUSE-SU-2021_4011-1

Affected Products

Alpine Linux
SUSE