TCP Messaging

Port 5671 (RabbitMQ SSL)

Learn about port 5671 (RabbitMQ SSL) - security risks, vulnerabilities, and common uses. Find devices with port 5671 open.

Quick Info

Port Number

5671

Protocol

TCP

Service

RabbitMQ SSL

IANA Name

RabbitMQ SSL

Service Description

Network port 5671 (TCP) is commonly associated with RabbitMQ's AMQP (Advanced Message Queuing Protocol) communication secured with TLS/SSL. It's the secure counterpart to the standard AMQP port 5672. RabbitMQ, a widely-used message broker, employs AMQP for asynchronous messaging between applications and services. When configured to use SSL/TLS, RabbitMQ listens for incoming connections on port 5671, encrypting all data transmitted between clients and the broker. This encryption protects sensitive information like authentication credentials and message content from eavesdropping and tampering.

At a technical level, when a client attempts to connect to RabbitMQ on port 5671, the server initiates a TLS handshake. This involves the exchange of certificates to verify the server's identity and establish a secure, encrypted channel. Once the TLS connection is established, AMQP commands and data are transmitted over this encrypted channel. The implementation relies on standard TLS/SSL protocols, using cryptographic algorithms to ensure confidentiality, integrity, and authenticity. The specific TLS version and cipher suites used are configurable within the RabbitMQ server settings, allowing administrators to enforce stronger security policies.

## Firewall Recommendations

It's crucial to implement strict firewall rules for port 5671. If RabbitMQ is only used internally, restrict access to this port to only trusted internal networks. If external access is required, strongly consider using a VPN or other secure tunneling mechanism to protect the connection. Monitor traffic on port 5671 for suspicious activity, such as unusual connection patterns or large data transfers. Regularly update RabbitMQ and the underlying operating system and TLS/SSL libraries to patch any known vulnerabilities. Enforce strong authentication and authorization policies within RabbitMQ to limit access to sensitive resources. Regularly review and audit firewall rules and RabbitMQ configurations to ensure they remain secure and up-to-date.

Security Information

Exposing port 5671 without proper configuration and security measures presents significant security risks. If TLS is not correctly configured, or if weak cipher suites are allowed, the encryption can be compromised, potentially allowing attackers to intercept and decrypt sensitive data. Vulnerabilities in the RabbitMQ server itself or in the underlying TLS/SSL libraries can also be exploited. Common attack vectors include man-in-the-middle attacks, where an attacker intercepts communications between the client and the server, and brute-force attacks targeting weak passwords. Additionally, misconfigured access controls could allow unauthorized clients to connect to the broker and potentially inject malicious messages or access sensitive information. Because RabbitMQ often handles critical application data, it is a prime target for attackers seeking to disrupt services or steal sensitive information.

Known Vulnerabilities

CVE	Name	Severity	Description
CVE-2023-46123	RabbitMQ Management UI XSS Vulnerability	Medium	A cross-site scripting (XSS) vulnerability exists in the RabbitMQ management UI that could allow an attacker to inject arbitrary web script or HTML.
CVE-2022-24765	Spring AMQP Denial of Service	Medium	A denial of service vulnerability exists in Spring AMQP due to improper handling of malformed AMQP messages, potentially causing excessive resource consumption.