dnswatchdog.iodocs
Issues

Port 6380: Redis TLS

Open Redis TLS port detected on a publicly accessible host.

Severity: Critical | Port: 6380

What is Redis TLS?

Redis TLS is Redis configured to accept encrypted connections on port 6380. TLS (Transport Layer Security) encrypts the data in transit between the client and the Redis server, preventing eavesdropping. This is an improvement over plain Redis on port 6379, but the underlying service and risks are the same.

Why this is a problem

While TLS protects data in transit, it does not prevent unauthorized access. If the Redis instance is reachable from the internet, attackers can still attempt to authenticate, brute-force passwords, or exploit vulnerabilities. All the same risks that apply to plain Redis apply here — data theft, data manipulation, and potential server compromise through Redis command abuse.

What you should do

  • Block port 6380 from the internet — even with TLS, Redis should not be publicly accessible
  • Require TLS client certificates for mutual authentication
  • Enable Redis authentication and ACLs
  • Bind to private network interfaces only
  • Follow the same hardening steps as for plain Redis on port 6379

Port 6379: Redis

Open Redis port detected on a publicly accessible host.

Port 6443: Kubernetes API

Open Kubernetes API server port detected on a publicly accessible host.

On this page

What is Redis TLS?Why this is a problemWhat you should do