Cisco Talos warns of hardcoded credentials in Alpine Linux Docker Images
Since December 2015, Alpine Linux Docker images have been shipped with hardcoded credentials, a NULL password for the root user. The NULL password for the root account was included in the Official Alpine Linux Docker images since v3.3. The bug received a CVSS score of 9.8, it affects Alpine Docker versions 3.3 to 3.9, including Alpine Docker Edge.
The issue wasfirst reported in August 2015 and patched in November, evidently, it was re-introducedin December 2015. The NULL passoword is present in the/etc/shadowfile of the affected builds of the Alpine Docker Image.
Source: securityaffairs.co