

Cisco Talos reports hard-coded credentials in Alpine Linux Docker images

Posted by patinella at 2020-03-04

Since December 2015, the Alpine Linux Docker image has shipped with a hard-coded credential: a null (empty) password for the root user.

Cisco's security researchers revealed that, since December 2015, the Alpine Linux Docker images distributed through the official Docker Hub portal have allowed logging in to the root account with a null password.

Starting from v3.3, the official Alpine Linux Docker image contains a null password for the root account. The flaw received a CVSS score of 9.8 and affects Alpine Docker versions 3.3 to 3.9, including Alpine Docker edge.

"The version of the official Alpine Linux Docker image (since v3.3) contains a null password for the root user. The vulnerability appears to be the result of a fallback in December 2015," the Talos team wrote in a blog post. "Due to the nature of this problem, a null password for the root user may exist for systems deployed with the affected Alpine Linux container version (using Linux PAM), or other mechanisms that use the system shadow file as the authentication database."

The issue was first disclosed in August 2015 and fixed in November of that year, but it apparently resurfaced in December 2015.

The null password is stored in the /etc/shadow file of the affected versions of the Alpine Docker image.

"In the version of the Alpine Docker image (>= 3.3), the /etc/shadow file contains a blank field in place of the encrypted password (sp_pwdp in the context of the spwd structure returned by getspent)," Talos added.

$ for i in $(seq 1 9); do echo -n "$(date) - Alpine Docker 3.$i - "; docker run -it alpine:3.$i head -n 1 /etc/shadow; done
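The one-liner above only prints the first line of /etc/shadow (the root entry) for each image tag and leaves the reader to eyeball it. The following script, added here as an illustration and not part of the Talos post or the Alpine project, generalizes that check: it classifies every account in shadow-formatted content by its second field (sp_pwdp) as "empty", "locked" (a field starting with ! or *) or "hashed", so it can be run against the output of `docker run --rm alpine:3.x cat /etc/shadow`. The sample shadow content is constructed for the example and modelled on the affected image (root with an empty field); the function names are the example's own.

```shell
# Constructed sample of /etc/shadow content from an affected image:
# the root entry has an empty password field, the others are locked with "!".
SAMPLE_SHADOW='root::18000:0:::::
bin:!::0:::::
daemon:!::0:::::
xfs:!::0:::::
nobody:!::0:::::'

# Print "user:state" for every account in the given shadow content.
# state is "empty" (null password), "locked" (field starts with ! or *) or "hashed".
classify_shadow() {
    printf '%s\n' "$1" | awk -F: '
        NF >= 2 {
            if ($2 == "")            state = "empty"
            else if ($2 ~ /^[!*]/)   state = "locked"
            else                     state = "hashed"
            print $1 ":" state
        }'
}

# Exit 0 when no account has an empty password field, 1 otherwise.
shadow_is_clean() {
    ! classify_shadow "$1" | grep -q ':empty$'
}

# List the accounts whose password field is empty (no output when clean).
empty_password_accounts() {
    classify_shadow "$1" | awk -F: '$2 == "empty" { print $1 }'
}

# Usage against the constructed sample; against a real image, replace
# "$SAMPLE_SHADOW" with "$(docker run --rm alpine:3.9 cat /etc/shadow)".
empty_password_accounts "$SAMPLE_SHADOW"
```

Run over the sample, the script prints `root`, which is exactly the condition Talos describes: a blank sp_pwdp rather than a hash or a lock marker. Any account reported as "empty" is one that PAM-backed services would accept with no password.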

According to the experts, Talos reported the vulnerability to Alpine Linux in February.

In any case, the good news is that the issue can be mitigated: the root account should be explicitly disabled in Docker images built on the affected versions.
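Disabling the root account means turning the empty sp_pwdp field into a locked one, which is what `passwd -l root` does (on Alpine this is the BusyBox passwd, and running it in a Dockerfile as `RUN passwd -l root` is assumed here to be the usual way to bake the fix into a derived image). The script below, added as an illustration and not taken from the Talos post or from Alpine, performs the same transformation on shadow-formatted content so the result can be inspected and verified without a running container; the sample content and the function names are constructed for the example.

```shell
# Constructed sample: the root entry carries an empty password field.
SAMPLE_SHADOW='root::18000:0:::::
bin:!::0:::::
nobody:!::0:::::'

# lock_account <user> <shadow-content>: prefix the user's password field with "!"
# (the lock marker), mirroring "passwd -l <user>". Already-locked entries are
# left untouched, so the operation is idempotent. All other fields are preserved.
lock_account() {
    printf '%s\n' "$2" | awk -F: -v OFS=: -v user="$1" '
        $1 == user && $2 !~ /^!/ { $2 = "!" $2 }
        { print }'
}

# account_is_locked <user> <shadow-content>: exit 0 only if the user exists and
# its password field starts with "!" or "*", i.e. no password can match it.
account_is_locked() {
    printf '%s\n' "$2" | awk -F: -v user="$1" '
        $1 == user { found = 1; if ($2 ~ /^[!*]/) ok = 1 }
        END { exit !(found && ok) }'
}

# Usage: lock root in the sample and show the resulting root entry.
# Real images are fixed by rebuilding with "RUN passwd -l root" in the Dockerfile
# (assumed usage), not by editing a copy of the file like this.
LOCKED="$(lock_account root "$SAMPLE_SHADOW")"
printf '%s\n' "$LOCKED" | head -n 1
```

After the transformation the root line reads `root:!:18000:0:::::`; `account_is_locked root` fails on the original sample and succeeds on the locked copy, which is the check a build pipeline can run on the final image's /etc/shadow before publishing it.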

"The possibility of exploiting this vulnerability depends on the environment, as successful exploitation requires publicly exposed services or applications to use Linux PAM, or other mechanisms that use the system shadow file as the authentication database," Talos concluded.

This article was compiled and translated by 白帽汇 and does not represent any view or position of 白帽汇. Source: https://securityaffairs.co/wordpress/85251/breaking-news/hardcoded-credentials-alpine-linux-docker.html