
Port 5601: Kibana

Open Kibana port detected on a publicly accessible host.

Severity: Critical | Port: 5601

What is Kibana?

Kibana is a data visualization and exploration tool used with Elasticsearch. It provides dashboards, charts, and search interfaces for log data, metrics, and other information stored in Elasticsearch. Organizations use Kibana to monitor application performance, analyze security events, and explore business data.

Why this is a problem

Kibana often has access to sensitive log data — application logs, security events, user activity, and infrastructure metrics. Older versions of Kibana had no built-in authentication, meaning anyone who could reach port 5601 had full access to all data. Even with authentication enabled, exposing Kibana to the internet increases the risk of credential attacks and exploitation of vulnerabilities.

What you should do

  • Block port 5601 from the internet — Kibana should only be accessible from internal networks
  • If remote access is needed, place Kibana behind a reverse proxy with authentication and VPN access
  • Enable Kibana's built-in security features (requires an Elasticsearch subscription or OpenSearch)
  • Keep Kibana updated to patch known vulnerabilities
  • Review what data is accessible through Kibana and restrict access to sensitive indices
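
A quick way to check the first recommendation on the Kibana host itself is to audit `kibana.yml` for a listener bound beyond loopback. The script below is an added example, not part of the original page or of Kibana; it assumes flat dotted keys (`server.host`, `server.port`, `server.ssl.enabled`) and uses constructed sample configs.

```python
import ipaddress

# Constructed sample kibana.yml contents, not taken from a real deployment.
WEAK = 'server.port: 5601\nserver.host: "0.0.0.0"\n'
HARDENED = 'server.port: 5601\nserver.host: "127.0.0.1"  # reverse proxy on same host\n'

def parse_flat_yaml(text):
    """Parse flat `dotted.key: value` lines only (assumption: no nested YAML)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].strip()   # drop trailing comments
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings

def classify_bind(host):
    """Classify how widely a server.host value exposes the listener."""
    if host == "localhost":
        return "loopback"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"            # resolved at runtime, needs a manual check
    if addr.is_unspecified:          # 0.0.0.0 or :: means every interface
        return "all-interfaces"
    if addr.is_loopback:
        return "loopback"
    return "public" if addr.is_global else "private"

def audit(text):
    """Return a list of findings for one kibana.yml; empty means none."""
    cfg = parse_flat_yaml(text)
    port = cfg.get("server.port", "5601")
    scope = classify_bind(cfg.get("server.host", "localhost"))  # Kibana default
    findings = []
    if scope in ("all-interfaces", "public"):
        findings.append(f"port {port} bound to {scope}: use loopback or an internal address")
    elif scope == "hostname":
        findings.append(f"port {port} bound to a hostname: verify what it resolves to")
    if scope != "loopback" and cfg.get("server.ssl.enabled", "false").lower() != "true":
        findings.append(f"port {port} reachable off-host without TLS (server.ssl.enabled)")
    return findings

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text) or "no findings")
```

A clean result here only covers the bind address; firewall and security-group rules for port 5601 still need to be checked separately.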
