Root user has no password
aronmolnar opened this issue · 1 comments
aronmolnar commented
The root user in the docker image has no password.
This may make it possible - if the service (running as nobody) is compromized - that an attacker could become root.
It should be sufficient to pull the latest alpine image an rebuild the image.
See also:
https://www.bleepingcomputer.com/news/security/bug-in-alpine-linux-docker-image-leaves-root-account-unlocked/
https://gist.github.com/jgamblin/6015a2020c1de3bc3aab19b361573b7f
Relates #23
andyshinn commented
I've pushed new releases that have this fixed at 2.79 and later.