CVE-2020-29389
Description
The official Crux Linux Docker images 3.0 through 3.4 contain a blank password for a root user. System using the Crux Linux Docker container deployed by affected versions of the Docker image may allow an attacker to achieve root access with a blank password.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Crux Linux Docker images 3.0-3.4 set a blank root password, allowing attackers to gain root access.
Vulnerability
The official Crux Linux Docker images versions 3.0 through 3.4 contain a blank password for the root user [1]. This means that any container deployed with these images has a root account with no password set, making authentication trivial for anyone who can reach the container's console.
Exploitation
An attacker who can access the container's shell (e.g., via docker exec or SSH if exposed) can simply log in as root with an empty password. No prior authentication or special privileges are required beyond network or console access to the running container.
Impact
Successful exploitation grants the attacker full root privileges within the container. This can lead to complete compromise of the containerized application, data exfiltration, or lateral movement to other containers if misconfigured.
Mitigation
Users should upgrade to Crux Linux Docker image version 3.5 or later, which fixes the blank root password issue [1]. If upgrade is not immediately possible, ensure the container is not exposed to untrusted networks and change the root password immediately after deployment via passwd inside the container.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Crux Linux/Crux Linux Docker imagesdescription
- Range: 3.0 through 3.4
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- github.com/koharin/koharin2/blob/main/CVE-2020-29389mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.