From zdnet.com
Alpine Linux Docker images available via the Docker Hub contained a critical flaw allowing attackers to authenticate on systems using the root user and no password.
For three years, some Alpine Linux Docker images have shipped with a root account and no password, opening the door for attackers to easily access vulnerable servers and workstations provisioned for the images.
Affected versions of Alpine Linux Docker distros include 3.3, 3.4, 3.5, 3.6, 3.7, 3.8 and 3.9 Alpine Docker Edge, according to Cisco Talos researchers who discovered the bug, tested each version and released their findings on Wednesday. Vulnerable images of Alpine Linux Dockers were available via the official Docker Hub portal since late 2015.