A security vulnerability in official Alpine Linux Docker images allowed for more than three years logging into the root account using a blank password. The vulnerability was fixed and closed on March 8, 2019, but it could have been solved sooner as it was rediscovered and reported on Agust 5, 2019. Cisco Talos recommends disabling root on systems that still run vulnerable builds of the Alpine Linux container. The likelihood of exploitation of this vulnerability is environment-dependent as successful exploitation requires that an exposed service or application utilise Linux PAM [Pluggable Authentication Modules], or some other mechanism which uses the system shadow file as an authentication database.
Source: https://www.bleepingcomputer.com/news/security/bug-in-alpine-linux-docker-image-leaves-root-account-unlocked/