The official vault docker images before 0.11.6 contain a blank password for a root user. System using the vault docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
{ "severity": "Critical", "cpes": [ "cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*" ] }