# Port 6379 (Redis)
Tags: TCP, Dangerous, Database
## Quick Info
| Field | Value |
|---|---|
| Port Number | 6379 |
| Protocol | TCP |
| Service | Redis |
| IANA Name | Redis |
## Service Description
Port 6379 (TCP) is the default port for Redis (Remote Dictionary Server), an open-source, in-memory data structure store, used as a database, cache, message broker, and streaming engine. Redis offers high performance, replication, and persistence options. It supports data structures like strings, hashes, lists, sets, sorted sets with range queries, bitmaps, hyperloglogs, geospatial indexes, and streams. The service operates using a client-server architecture, where clients connect to the Redis server to execute commands. Commands are typically sent as strings following the Redis Serialization Protocol (RESP), a simple text-based protocol. The server processes these commands and returns a response, also formatted according to RESP. Redis uses a single-threaded event loop for processing commands, allowing for high throughput due to its in-memory nature and efficient data structures. Persistence is achieved through periodic snapshots to disk (RDB) or by appending every operation to a log file (AOF).
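The RESP framing described above, as an added example that is not part of the original page: it encodes a command, parses one reply, and maps the reply to an unauthenticated `PING` against your own instance onto an audit verdict. The function names and the sample reply bytes are constructed for illustration; no network code is included.

```python
CRLF = b"\r\n"

class RespError(Exception):
    """A '-' error reply sent by the server."""

def encode_command(*args):
    """Encode a command as a RESP array of bulk strings."""
    parts = [b"*%d" % len(args)]
    for arg in args:
        data = arg.encode()
        parts += [b"$%d" % len(data), data]
    return CRLF.join(parts) + CRLF

def parse_reply(buf, pos=0):
    """Parse one RESP2 value starting at pos; return (value, next_pos)."""
    end = buf.index(CRLF, pos)  # raises ValueError if the line is incomplete
    kind, line = buf[pos:pos + 1], buf[pos + 1:end]
    nxt = end + 2
    if kind == b"+":                      # simple string
        return line.decode(), nxt
    if kind == b"-":                      # error
        return RespError(line.decode()), nxt
    if kind == b":":                      # integer
        return int(line), nxt
    if kind == b"$":                      # bulk string, length-prefixed
        n = int(line)
        if n == -1:
            return None, nxt
        if len(buf) < nxt + n + 2:
            raise ValueError("truncated bulk string")
        return buf[nxt:nxt + n], nxt + n + 2
    if kind == b"*":                      # array of nested values
        items = []
        for _ in range(int(line)):
            item, nxt = parse_reply(buf, nxt)
            items.append(item)
        return items, nxt
    raise ValueError("unknown RESP type %r" % kind)

def classify_ping_reply(raw):
    """Map the reply to an unauthenticated PING onto an audit verdict."""
    reply, _ = parse_reply(raw)
    if reply == "PONG":
        return "open: commands accepted without authentication"
    if isinstance(reply, RespError):
        code = str(reply).split(" ", 1)[0]
        if code == "NOAUTH":
            return "auth required"
        if code == "DENIED":
            return "protected mode refused a non-local client"
    return "unexpected reply"
```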
## Firewall Recommendations
It is crucial to restrict access to port 6379 (TCP) to only trusted clients. If Redis is not intended to be accessed from outside the local network, block access to this port from the public internet using a firewall. If external access is required, implement strong authentication (using the `requirepass` configuration option) and consider using TLS encryption to protect data in transit. Use network segmentation to isolate the Redis instance from other sensitive systems. Regularly audit and update the Redis server to patch any known security vulnerabilities. Consider using a firewall to limit access to specific IP addresses or networks that require access to the Redis server. Avoid running Redis with elevated privileges unless absolutely necessary, and carefully review the Redis configuration to ensure it is configured securely.
## Security Information
Redis, when not properly secured, presents significant security risks. The default configuration often listens on all interfaces without requiring authentication, making it vulnerable to unauthorized access if exposed to the public internet. Attackers can exploit this by connecting to the Redis instance and executing arbitrary commands, potentially reading sensitive data, modifying data, or even executing system commands if Redis is running with elevated privileges. Common attack vectors include exploiting weak or default passwords (if authentication is enabled), exploiting known vulnerabilities in older Redis versions, and leveraging the `CONFIG` command to modify Redis settings for malicious purposes. Lack of proper network segmentation and firewall rules further exacerbates these risks, allowing attackers to pivot to other systems within the network after compromising the Redis instance. Redis instances are frequently targeted for cryptocurrency mining malware deployment and botnet recruitment.
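A configuration check for the risks named under Firewall Recommendations and Security Information, as an added example that is not from the original page: it reads `redis.conf` text and reports a listener beyond loopback, a missing `requirepass`, disabled protected mode, an unrestricted `CONFIG` command, and a missing TLS listener. The sample configs are constructed, and treating `rename-command` as the `CONFIG` mitigation is an assumption (ACL rules are another way to restrict it).

```python
import ipaddress

# Constructed sample configs, not taken from any real deployment.
WEAK = "bind 0.0.0.0\nprotected-mode no\nport 6379\n"
HARDENED = ('bind 127.0.0.1 -::1\nprotected-mode yes\n'
            'requirepass EXAMPLE-PLACEHOLDER\nrename-command CONFIG ""\n')

def parse_conf(text):
    """Collect directives as {name: [argument list, ...]}, skipping comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, *args = line.split()
            conf.setdefault(name.lower(), []).append(args)
    return conf

def is_loopback(addr):
    try:
        # A leading '-' marks an optional address in newer redis.conf files.
        return ipaddress.ip_address(addr.lstrip("-")).is_loopback
    except ValueError:
        return False  # '*' or a hostname: assume it is reachable remotely

def last_value(conf, name, default):
    """Value of the last occurrence of a single-argument directive."""
    args = conf.get(name, [[default]])[-1]
    return args[0].lower() if args else default

def audit(text):
    """Return findings for the exposure risks named in the text above."""
    conf = parse_conf(text)
    findings = []
    binds = [a for args in conf.get("bind", []) for a in args]
    exposed = not binds or not all(is_loopback(a) for a in binds)
    if exposed:
        findings.append("bind: reachable beyond loopback, restrict by firewall")
    if not conf.get("requirepass"):
        findings.append("requirepass: no password set")
    if last_value(conf, "protected-mode", "yes") == "no":
        findings.append("protected-mode: disabled")
    renamed = {a[0].upper() for a in conf.get("rename-command", []) if a}
    if "CONFIG" not in renamed:
        findings.append("CONFIG: command not renamed or disabled")
    if exposed and last_value(conf, "tls-port", "0") == "0":
        findings.append("tls-port: no TLS listener for remote clients")
    return findings
```

Calling `audit(WEAK)` returns all five findings, while `audit(HARDENED)` returns an empty list.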
## Known Vulnerabilities
| CVE | Name | Severity | Description |
|---|---|---|---|
| CVE-2015-4335 | Redis Lua Sandbox Escape | Critical | A vulnerability exists in Redis that allows attackers to bypass the Lua sandbox and execute arbitrary code on the server. |
| CVE-2022-0543 | Spring4Shell | Critical | While not directly a Redis vulnerability, the Spring4Shell vulnerability can potentially lead to Redis exploitation if Redis is used as a caching mechanism within a vulnerable Spring application. |
| CVE-2018-11218 | Redis Cluster Denial of Service | Medium | A denial-of-service vulnerability exists in Redis Cluster due to incorrect handling of certain commands, allowing an attacker to crash the cluster. |
| CVE-2023-32747 | Redis Command Injection | High | An attacker can inject commands into Redis due to improper input validation in certain configurations. |
| CVE-2023-41054 | Redis Unauthenticated Access | High | Redis instances exposed without authentication can be exploited by attackers to gain unauthorized access and execute arbitrary commands. |
| CVE-2023-47038 | Redis Remote Code Execution | Critical | A remote code execution vulnerability exists in Redis that could allow attackers to execute arbitrary commands on the server. |
| CVE-2023-47039 | Redis Denial of Service | High | A denial of service vulnerability exists in Redis that could allow attackers to crash the server. |
## Malware Associations
- Redigo
- WatchDog
- KmsMiner
- DDG
- TeamTNT
## Common Software
- Redis
- KeyDB
- Memurai
- Redisson
- Spring Data Redis
- StackExchange.Redis
- ioredis
- node-redis