Misconfigurations in root account of top 20 most common Docker containers


Some 20 percent of the 1,000 most common Docker containers on the Docker Hub portal are affected by a misconfiguration. This increases the chance that user systems are exposed to attacks under certain circumstances, according to Jerry Gamblin, principal security engineer at Kenna Security.

According to ZDNet, Gamblin examined the extent of the problem across the Docker Hub package repository. He reportedly found 194 Docker images that also set up root accounts with blank passwords.

The error is reportedly similar to the one that affected the official Alpine Linux Docker container last week. Cisco Talos researchers discovered that Alpine Linux Docker images had an active root account with an empty password. These are images that have been released over the past three years.

Microsoft and Monsanto

Gamblin has published the list of potentially vulnerable Docker containers on GitHub. Users of the images in question can check their own system configurations against it and determine for themselves whether they are affected. Well-known names on the list include containers from Microsoft and Monsanto. Names such as HashiCorp, Mesosphere and the British government are also mentioned. Gamblin claims to have contacted a handful of names on the list directly.

"I pulled the top 1000 Docker containers from the Docker Hub and looked for root:::0::::: in the file /etc/shadow. This means that the root account is active, but does not have a password. kylemanna/openvpn is the most popular container on the list and it has over 10,000,000 pulls," says Gamblin in a blog post.
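The check described above, as an added example that is not from the article or from Gamblin's blog post: shell functions that flag accounts with an empty password field in shadow-format data and rewrite that field to a locked value. The function names, the sample data and the `docker run` invocation (which assumes the image ships `cat`) are assumptions.

```shell
#!/bin/sh
# Added example (not the researcher's tooling). In shadow(5) data the second
# colon-separated field is the password hash. An empty field means no
# password is required; a leading "!" or "*" means the account is locked.

# Read shadow-format lines on stdin, print each account with an empty password.
find_empty_passwords() {
    awk -F: '
        /^#/ || /^$/ { next }              # skip comments and blank lines
        NF >= 2 && $2 == "" { print $1 }
    '
}

# Exit status 0 if root has an empty password field, 1 otherwise.
root_has_empty_password() {
    find_empty_passwords | grep -qx 'root'
}

# Rewrite shadow data on stdin so that every empty password field becomes "!".
lock_empty_passwords() {
    awk -F: -v OFS=: 'NF >= 2 && $2 == "" { $2 = "!" } { print }'
}

# Audit one image by name. Assumption: the image contains cat and /etc/shadow.
# Usage: audit_image IMAGE
audit_image() {
    docker run --rm --entrypoint cat "$1" /etc/shadow 2>/dev/null |
        find_empty_passwords | sed "s|^|$1: empty password for |"
}

# Constructed sample data, not taken from any real image.
SAMPLE_VULNERABLE='root:::0:::::
bin:!::0:::::
daemon:*:17000:0:99999:7:::'

SAMPLE_HARDENED='root:!::0:::::
bin:!::0:::::'

if printf '%s\n' "$SAMPLE_VULNERABLE" | root_has_empty_password; then
    echo "sample: root account is active with no password"
fi
```
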

Linux systems vulnerable

The misconfiguration does not pose a direct threat to users. Linux systems configured to use Linux PAM [Pluggable Authentication Modules] and /etc/shadow for authentication would, however, be vulnerable. Gamblin: "After checking 1,000 containers and discovering that 20 percent of them had this configuration, it became clear that end-users should know about this type of misconfiguration, and should identify and deal with it as a best practice, especially when they decide to use any container in their environment."

The researcher hopes that his research (CVE-2019-5021) will make the problem more transparent for container managers.


This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.