New research by Kenna Security found that Docker containers are often not protected with root passwords. Containers are standardized software units that allow software to be run in isolation, so that performance is not influenced by the underlying infrastructure. A security researcher found that 194 (19.4%) of the 1000 most popular Docker containers are not protected by a root password.
According to Jerry Gamblin of Kenna Security the absence of a root password for a container “does not mean that it is automatically vulnerable,” but it can under certain circumstances enable attackers to gain root access to the container. Gamblin stresses that because of this risk, the absence of root passwords for containers “should be avoided at all costs.”
Read more: Fifth of Docker Containers Have No Root Passwords