dnswatchdog.io docs

Port 6443: Kubernetes API

Open Kubernetes API server port detected on a publicly accessible host.

Severity: Critical | Port: 6443

What is the Kubernetes API?

Kubernetes is a container orchestration platform that automates deploying, scaling, and managing containerized applications. The Kubernetes API server, which listens on TCP port 6443 by default, is the front door to the control plane: every operation in the cluster (deploying apps, scaling services, reading secrets, changing RBAC) goes through this API, and kubectl, controllers and the kubelets on every node are all just clients of it.

Why this is a problem

The Kubernetes API server is the keys to the kingdom. If an attacker gains access, they can deploy malicious containers, read secrets (including database passwords and API keys), access any data in the cluster, and potentially pivot to the underlying infrastructure. Misconfigured clusters have been exploited for cryptomining, data theft, and supply chain attacks. Whether an exposed port turns into a compromise depends on what the server grants an uncredentialed caller: with anonymous authentication enabled (the kube-apiserver default), a request with no credentials is treated as user system:anonymous in group system:unauthenticated, so any RBAC binding that grants rights to that user or group is reachable from the whole internet, and any authentication bypass or credential leak is one hop from full cluster control.

What you should do

  • Restrict API server access to known IP ranges using firewall or security-group rules, or the managed service's authorized-networks feature (GKE: --enable-master-authorized-networks with --master-authorized-networks; AKS: --api-server-authorized-ip-ranges; EKS: publicAccessCidrs in the cluster's VPC configuration)
  • Use private clusters where the API server has no public endpoint, and reach it over a VPN, bastion host or private link instead
  • Ensure RBAC (Role-Based Access Control) is properly configured: nothing beyond the default system:public-info-viewer role should be bound to system:anonymous or the system:unauthenticated group, which you can verify with kubectl auth can-i --list --as=system:anonymous --as-group=system:unauthenticated
  • Disable anonymous authentication on self-managed clusters (kube-apiserver --anonymous-auth=false); note that /healthz, /livez, /readyz and /version then also require credentials, so check what your load balancer health checks rely on first
  • Use network policies to restrict pod-to-pod communication; this does not protect the API port itself, but it limits lateral movement if an attacker does manage to deploy a workload
  • Regularly audit cluster access (enable API server audit logging and review who holds cluster-admin) and rotate service account tokens, preferring short-lived bound tokens over long-lived secret-based ones
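
A quick check for the "disable anonymous authentication" and RBAC items above, written for this page as an added example (it is not part of the dnswatchdog.io page or of the Kubernetes project): it sends uncredentialed requests to a handful of API paths and reads the finding off the HTTP status code. A 401 means the request was rejected at authentication (anonymous auth is off); a 403 means the caller was accepted as system:anonymous and RBAC denied it; a 200 on anything other than /version means anonymous reads are allowed. The placeholder address 198.51.100.10 and the list of probed paths are assumptions; only the Python standard library is used.

```python
"""Probe what an unauthenticated client can read from an exposed API server.

Added example for the dnswatchdog.io port 6443 page; not Kubernetes code.
Assumes a reachable https://host:6443 and nothing beyond the standard library.
"""
import json
import ssl
import urllib.error
import urllib.request

# /version is readable anonymously on a default cluster through the built-in
# system:public-info-viewer ClusterRole, so a 200 there is only informational.
# None of the sensitive paths should be readable without credentials.
PUBLIC_PATHS = ["/version"]
SENSITIVE_PATHS = [
    "/api/v1/namespaces",
    "/api/v1/secrets",
    "/api/v1/pods",
    "/apis/rbac.authorization.k8s.io/v1/clusterrolebindings",
]


def classify(status, path):
    """Turn the HTTP status of an uncredentialed GET into a finding label.

    401: rejected at authentication, i.e. the server runs --anonymous-auth=false
    403: anonymous auth is on; the caller became system:anonymous and RBAC said no
    200: system:anonymous (or group system:unauthenticated) may read this path
    """
    if status == 401:
        return "anonymous-auth-disabled"
    if status == 403:
        return "anonymous-denied-by-rbac"
    if status == 200:
        if path in PUBLIC_PATHS:
            return "info-public-endpoint"
        return "ANONYMOUS-READ-ALLOWED"
    return f"unexpected-http-{status}"


def verdict(findings):
    """Reduce the per-path findings for one host to a single severity."""
    values = set(findings.values())
    if "ANONYMOUS-READ-ALLOWED" in values:
        return "critical"   # unauthenticated data exposure
    if values <= {"anonymous-auth-disabled"}:
        return "hardened"   # every request rejected before authorization
    return "warning"        # port reachable, anonymous auth on, RBAC is the only guard


def anonymous_get(base_url, path, timeout=5):
    """GET a path with no credentials at all; returns (status, body_bytes)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # API server certs are normally cluster-CA signed
    req = urllib.request.Request(base_url + path, headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


def probe(base_url):
    """Probe every path and return {path: finding}; counts leaked objects, never prints them."""
    findings = {}
    for path in PUBLIC_PATHS + SENSITIVE_PATHS:
        status, body = anonymous_get(base_url, path)
        findings[path] = classify(status, path)
        if findings[path] == "ANONYMOUS-READ-ALLOWED":
            items = json.loads(body).get("items", [])
            print(f"{path}: {len(items)} objects readable anonymously")
    return findings


if __name__ == "__main__":
    import sys
    # 198.51.100.10 is a documentation-range placeholder, not a real host.
    target = sys.argv[1] if len(sys.argv) > 1 else "https://198.51.100.10:6443"
    result = probe(target)
    for probed_path, finding in result.items():
        print(f"{finding:26} {probed_path}")
    print("verdict:", verdict(result))
```

Run it from outside your authorized network ranges with `python3 probe.py https://HOST:6443`. "hardened" (401 everywhere) is what a correctly locked-down self-managed cluster returns; "warning" is the common default, where the port is reachable and only RBAC stands between system:anonymous and your resources; "critical" is the case this alert is about. Cross-check the RBAC side from inside the cluster with `kubectl auth can-i --list --as=system:anonymous --as-group=system:unauthenticated`, which should list nothing beyond the non-resource URLs granted by system:public-info-viewer.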
