CVE-2020-35469

9.8 CRITICAL

📋 TL;DR

The Software AG Terracotta Server OSS Docker image, version 5.4.1, ships with a blank root password. Anyone who reaches a password-authenticated login path into the container (an sshd running inside it, or `su root` from a low-privileged foothold) becomes root without credentials. That is full compromise of the container and of everything it can reach over the network; it becomes compromise of the host only when the container is run privileged, shares host namespaces, or has the Docker socket mounted.

💻 Affected Systems

Products:
  • Software AG Terracotta Server OSS Docker image
Versions: 5.4.1
Operating Systems: Any OS running Docker
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the Docker image, not other installation methods. The vulnerability is in the container configuration.

📦 What is this software?

Terracotta Server OSS is the open-source edition of Software AG's Terracotta server, a distributed in-memory data store that provides clustered storage for Ehcache 3 applications. The official Docker image packages that server for container deployments; the vulnerability is in how the image's root account was built, not in the Terracotta server code.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete takeover of the container with root privileges: theft of the data Terracotta holds in memory and on disk, ransomware or backdoor deployment, and lateral movement to every system the container can reach. If the container runs privileged, shares host namespaces, or mounts the Docker socket, the takeover extends to the host.

🟠

Likely Case

Unauthorized root access leading to data exfiltration, installation of backdoors, or cryptocurrency mining.

🟢

If Mitigated

Limited impact if no password-authenticated service (SSH or similar) in the container is reachable over the network and no untrusted code runs inside it. The blank password is still present in the image, so any later foothold in the container is instantly root; treat this as a stopgap, not a fix.

🌐 Internet-Facing: HIGH - A container that exposes a password login service (such as SSH) to the internet is trivially exploitable with no authentication required.
🏢 Internal Only: HIGH - Internal attackers, or any compromised internal system or process with access to the container, can exploit this just as easily.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only a password-authenticated way into the container and an empty password; no special tools are needed. Two caveats for scoping: OpenSSH refuses empty passwords unless sshd_config sets PermitEmptyPasswords yes, so exploitability over SSH depends on the image's sshd configuration; inside the container, `su root` on most distributions accepts the empty password, so any low-privileged foothold (for example through the Terracotta service itself) becomes root immediately.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.4.2 or later

Vendor Advisory: https://github.com/SoftwareAG/terracotta-server-oss

Restart Required: Yes

Instructions:

1. Pull the fixed image, pinning the tag rather than relying on latest so the deployed version is explicit: docker pull softwareag/terracotta-server-oss:5.4.2 (or a later tag)
2. Stop and remove the old container
3. Deploy a new container from the updated image
4. Verify that the root account in the new image has a password set or is locked, and that no SSH service accepts root logins

🔧 Temporary Workarounds

Both workarounds below change only the running container's writable layer and are lost when the container is recreated from the image. Bake them into a derived image or apply them at container start if you cannot upgrade immediately.

Set or lock the root password

Either set a strong root password interactively, or lock the account so no password login is possible at all (the Terracotta process does not need root to log in):

docker exec -it <container_name> passwd root
docker exec <container_name> passwd -l root

Disable SSH/root access

If the image you run contains an SSH server, either remove it (Debian-based images) or forbid root and empty-password logins and restart sshd. Note that the sed only matches an uncommented "PermitRootLogin yes" line; if the directive is commented out or set to another value, append the setting instead.

docker exec -it <container_name> apt-get remove openssh-server

docker exec <container_name> sed -i 's/^PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
docker exec <container_name> sh -c 'grep -q "^PermitRootLogin no" /etc/ssh/sshd_config || echo "PermitRootLogin no" >> /etc/ssh/sshd_config; echo "PermitEmptyPasswords no" >> /etc/ssh/sshd_config'

🧯 If You Can't Patch

  • Isolate the container's network: do not publish port 22 (or any shell service) with -p, attach the container to a user-defined or --internal Docker network, and on Kubernetes apply a NetworkPolicy that allows only the Terracotta client port
  • Add host firewall rules blocking SSH port 22 to the container from anything other than trusted management hosts
  • Limit what root in the container buys an attacker: do not run it --privileged, do not share host namespaces, and do not mount /var/run/docker.sock

🔍 How to Verify

Check if Vulnerable:

Check which image a container was started from (tags can be moved, so treat this as a first pass, not proof): docker inspect --format '{{.Config.Image}}' <container_name> | grep 'softwareag/terracotta-server-oss:5.4.1'

Check Version:

docker inspect --format '{{.Config.Image}} {{.Image}}' <container_name>

Verify Fix Applied:

The definitive check is the root entry in the container's /etc/shadow: an empty second field means the blank password is still there. If the container runs sshd, also attempt an SSH login with a blank password and confirm that it is refused: ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no root@<container_ip>
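The /etc/shadow check above, as an added example (not code from the page or from Software AG): the function classifies root's password field from shadow- or passwd-formatted lines, and the wrapper pulls that file out of an image or a running container. The shadow lines it is tested against are constructed samples; the image and container names are placeholders.

```shell
#!/bin/sh
# Added example: detect a blank root password in a container image.
# Reads /etc/shadow (or /etc/passwd) formatted lines on stdin and prints:
#   blank    - root's password field is empty (the CVE-2020-35469 condition)
#   locked   - field starts with '!' or '*': no password login possible
#   shadowed - field is "x" (passwd input; look in /etc/shadow instead)
#   set      - root has a password hash
#   missing  - no root entry found
root_password_state() {
    awk -F: '
        $1 == "root" {
            found = 1
            if ($2 == "")              print "blank"
            else if ($2 ~ /^[!*]/)     print "locked"
            else if ($2 == "x")        print "shadowed"
            else                       print "set"
            exit
        }
        END { if (!found) print "missing" }
    '
}

# Dump /etc/shadow from an image without starting its normal entrypoint.
# Assumes the image contains /bin/cat; --user 0 is needed because shadow is
# normally readable only by root. Requires a Docker daemon (not run offline).
check_image_root_password() {
    docker run --rm --user 0 --entrypoint cat "$1" /etc/shadow | root_password_state
}

# Same check against a running container.
check_container_root_password() {
    docker exec --user 0 "$1" cat /etc/shadow | root_password_state
}

# Constructed sample shadow lines for offline use (not taken from a real image).
SHADOW_BLANK='root::18900:0:99999:7:::
daemon:*:18900:0:99999:7:::'
SHADOW_LOCKED='root:!:18900:0:99999:7:::
daemon:*:18900:0:99999:7:::'
SHADOW_SET='root:$6$saltsalt$Q3h9examplehash:18900:0:99999:7:::'

# Usage: sh check_root_pw.sh softwareag/terracotta-server-oss:5.4.1
# (image tag given as a placeholder; "blank" on stdout means vulnerable)
if [ $# -gt 0 ]; then
    check_image_root_password "$1"
fi
```

Run it against the deployed tag before and after the upgrade; the answer should move from blank to set or locked. Checking the file beats grepping the image tag because a retagged or rebuilt image may carry the same name.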

📡 Detection & Monitoring

Log Indicators:

  • SSH logins for root that succeed on the first attempt with no preceding failures (no guessing is needed against an empty password)
  • Multiple SSH connections from unusual sources
  • sshd entries of the form "Accepted password for root" or "Accepted none for root" (OpenSSH logs the none method when it accepts an empty password under PermitEmptyPasswords yes), followed by "session opened for user root"
  • Note that an sshd inside the container does not write to the host's auth.log; collect the container's own logs (docker logs or the logging driver) or forward syslog out of the container, otherwise these events are invisible to the SIEM

Network Indicators:

  • SSH traffic to container port 22 from unexpected sources
  • Unusual outbound connections from container

SIEM Query:

source="auth.log" (("Accepted password for root" OR "Accepted none for root") OR (sshd AND "session opened for user root"))
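The same detection run locally over sshd log lines, as an added example (not from the page): it extracts every accepted root login, whichever authentication method was logged, so it can be pointed at docker logs output or a forwarded auth.log when no SIEM is in the path. The log lines are constructed samples; host name, PIDs and addresses are invented.

```shell
#!/bin/sh
# Added example: pull accepted root SSH logins out of auth.log-style lines.
# Matches both "Accepted password for root" and "Accepted none for root";
# OpenSSH logs method "none" when it accepts an empty password.

# Prints "<month> <day> <time> <host> <method> <source-ip>" per accepted root login.
accepted_root_logins() {
    awk '
        /sshd\[[0-9]+\]: Accepted (password|none) for root from / {
            method = ""; src = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "Accepted") method = $(i + 1)
                if ($i == "from")     src = $(i + 1)
            }
            print $1, $2, $3, $4, method, src
        }
    '
}

# Counts accepted root logins per source address (most frequent first).
root_login_sources() {
    accepted_root_logins | awk '{ print $NF }' | sort | uniq -c | sort -rn
}

# Constructed sample log (not captured from a real system).
SAMPLE_AUTH_LOG='Dec 10 14:02:11 tc-node sshd[4312]: Accepted password for root from 10.0.0.5 port 51234 ssh2
Dec 10 14:02:11 tc-node sshd[4312]: pam_unix(sshd:session): session opened for user root by (uid=0)
Dec 10 14:05:40 tc-node sshd[4390]: Failed password for invalid user admin from 192.0.2.7 port 40022 ssh2
Dec 10 14:06:02 tc-node sshd[4401]: Accepted none for root from 192.0.2.7 port 40030 ssh2
Dec 10 14:07:15 tc-node sshd[4455]: Accepted publickey for deploy from 10.0.0.9 port 52000 ssh2: RSA SHA256:k3yFp'

# Usage against a live container (container name is a placeholder):
#   docker logs <container_name> 2>&1 | accepted_root_logins
# or, with syslog forwarded out of the container:
#   accepted_root_logins < /var/log/auth.log
if [ $# -gt 0 ] && [ "$1" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_AUTH_LOG" | root_login_sources
fi
```

On the sample, two lines are flagged (the password login from 10.0.0.5 and the none login from 192.0.2.7); the publickey login for the deploy user and the failed attempt are ignored, which is the point: with a blank password there is nothing to brute-force, so failed-then-succeeded patterns will not catch this.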
