Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
CVE ID: | CVE-2019-5021 |
Description: | Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability appears to be the result of a regression introduced in December of 2015. Due to the nature of this issue, systems deployed using affected versions of the Alpine Linux container which utilize Linux PAM, or some other mechanism which uses the system shadow file as an authentication database, may accept a NULL password for the `root` user. |
Test IDs: | 1.3.6.1.4.1.25623.1.0.852540 1.3.6.1.4.1.25623.1.1.4.2019.1368.2 1.3.6.1.4.1.25623.1.1.4.2019.1368.1 |
Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2019-5021 BugTraq ID: 108288 http://www.securityfocus.com/bid/108288 https://alpinelinux.org/posts/Docker-image-vulnerability-CVE-2019-5021.html https://talosintelligence.com/vulnerability_reports/TALOS-2019-0782 SuSE Security Announcement: openSUSE-SU-2019:1495 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00004.html |