Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Unpassworded 'root' Account (SSH)
Information
Severity
Severity
Critical
Family
Family
Default Accounts
CVSSv2 Base
CVSSv2 Base
10.0
CVSSv2 Vector
CVSSv2 Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
Solution Type
Solution Type
Workaround
Created
Created
4 years ago
Modified
Modified
4 years ago
Summary
The remote host has set no password for the root account.
Insight
Insight
It was possible to login with the 'root' username and without passing a password.
Affected Software
Affected Software
Versions of the Official Alpine Linux Docker images (since v3.3) are known to be affected. Other products / devices might be affected as well.
Detection Method
Detection Method
Try to login with a 'root' username and without a password.
Solution
Solution
Set a password for the 'root' account. If this is an Alpine Linux Docker image update to one of the following image releases: edge (20190228 snapshot), v3.9.2, v3.8.4, v3.7.3, v3.6.5.