How severe is CVE-2019-5021?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2019-5021?

This is classified as CWE-258, which is a common weakness in software security.

CVE-2019-5021 - CRITICAL Severity | CVSS 9.8

Vulnerability Description

Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability appears to be the result of a regression introduced in December of 2015. Due to the nature of this issue, systems deployed using affected versions of the Alpine Linux container which utilize Linux PAM, or some other mechanism which uses the system shadow file as an authentication database, may accept a NULL password for the `root` user.

Related Vulnerabilities

CVE-2018-17914

CRITICAL

CVSS:9.8(Critical)

InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. This vulnerability could allow an unauthenticated user to remotely ex...

CWE-2582018

CVE-2023-39439

CRITICAL

CVSS:9.8(Critical)

SAP Commerce Cloud may accept an empty passphrase for user ID and passphrase authentication, allowing users to log into the system without a passphrase.

CWE-2582023

CVE-2024-28744

HIGH

CVSS:8.8(High)

The password is empty in the initial configuration of ACERA 9010-08 firmware v02.04 and earlier, and ACERA 9010-24 firmware v02.04 and earlier. An unauthenticated attacker may log in to the product wi...

CWE-2582024

CVE-2018-17914

CRITICAL

CVSS:9.8(Critical)

CWE-2582018

CVE-2023-39439

CRITICAL

CVSS:9.8(Critical)

SAP Commerce Cloud may accept an empty passphrase for user ID and passphrase authentication, allowing users to log into the system without a passphrase.

CWE-2582023

CVE-2024-28744

HIGH

CVSS:8.8(High)

CWE-2582024