A Debian bug report noted that the default Debian template for LXC (lxc-debian.in) set the root password to 'root' for the newly-created Debian-based container. In addition, it was also reported that the default sshd_config installed set 'PermitRootLogin yes' which, while normally not a problem to allow root to log in with a password, due to the constant and known root password, makes it easy for any user to obtain root privileges in a new container where the password has not been changed.
In the Fedora or CentOS templates that do set a random root password, this is not a problem. So the second Debian bug is only a security issue when the first issue is present (it is not a security issue in the other templates).
Looking further at the various templates, when a password is not specified, other systems also use predictable defaults:
* archlinux (if unspecified, no password is set)
* ubuntu (has a predictable password for user ubuntu, which in turn has sudo access)
NOTE: I don't know whether or not this would ever receive a CVE based on these being configurable (so would require in most cases a person to either a) not specify a password or b) not change it post-creation), however the way the Fedora and CentOS templates work (random passwords, stored either in a file or printed to stdout) is a much safer/more secure alternative and it would be ideal if these other templates could be changed to do something similar.
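An audit for the combination described above, as an added example that is not part of the original report or of the LXC templates: it reads `etc/shadow` and `etc/ssh/sshd_config` under a container rootfs and flags an unset root password or password-based root SSH login. The function names, the rootfs layout and the sample file contents are assumptions made for this illustration, and `Match` blocks in sshd_config are not evaluated.

```python
import os
import tempfile

def permit_root_login(config_text):
    """Effective global PermitRootLogin value (sshd keeps the first one), or None."""
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].replace("=", " ", 1).split()
        if not parts:
            continue
        if parts[0].lower() == "match":
            break  # conditional blocks are out of scope for this check
        if parts[0].lower() == "permitrootlogin" and len(parts) > 1:
            return parts[1].lower()
    return None

def root_password_state(shadow_text):
    """Classify root's shadow password field: empty, locked, hashed or missing."""
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if fields[0] == "root" and len(fields) > 1:
            if fields[1] == "":
                return "empty"
            return "locked" if fields[1][0] in "!*" else "hashed"
    return "missing"

def audit_rootfs(rootfs):
    """Return findings for one container root filesystem (path is an assumption)."""
    def read(rel):
        try:
            with open(os.path.join(rootfs, rel)) as fh:
                return fh.read()
        except OSError:
            return ""
    login = permit_root_login(read("etc/ssh/sshd_config"))
    state = root_password_state(read("etc/shadow"))
    findings = []
    if state == "empty":
        findings.append("root has no password set")
    if state == "hashed" and login == "yes":
        findings.append("root password login over SSH is enabled; "
                        "confirm the template default was changed")
    return findings

def make_sample_rootfs(shadow, sshd_config):
    """Constructed sample data: write the two files into a temp directory."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "etc/ssh"))
    for rel, body in (("etc/shadow", shadow), ("etc/ssh/sshd_config", sshd_config)):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(body)
    return root
```

The second finding cannot tell a changed password from the template default, so it is a prompt to rotate or verify the password rather than proof of the weak one.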
Created lxc tracking bugs for this issue:
Affects: fedora-all [bug 1132002]
Affects: epel-6 [bug 1132003]
Affects: epel-7 [bug 1132004]
Inventory of current templates with plans:
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.