Service:
vnc-http
Protocol:
TCPPort:
5800Used for:
VNC remote desktop web interfaceWhy It’s Open
Port 5800 is used by VNC (Virtual Network Computing) to provide web-based remote desktop access through a browser, typically using a Java applet. This eliminates the need for a dedicated VNC client, making it ideal in environments with restricted software installations.
Organizations use this port to offer convenient remote access to desktops, often in data centers, enterprise IT support, or industrial control systems, where quick web-based access is preferred.
Common Risks
- Authentication Bypass
Weak or missing login mechanisms allow direct access. - Session Hijacking
If traffic is unencrypted, attackers can intercept and take over sessions. - Java Security Issues
Old Java applets may contain remote code execution (RCE) vulnerabilities. - Cross-Site Scripting (XSS)
Poor input sanitization can lead to client-side attacks. - Information Disclosure
Screen content and session metadata may leak in plaintext.
Want to save time on reporting?
Let PentestPad generate, track, and export your reports - automatically.
Enumeration & Testing
Basic port scan:
nmap -sV -p 5800Web interface check:
curl -v http://:5800/Vulnerability scan:
nikto -h -p 5800Check SSL/TLS:
sslscan :5800What to Look For
| Checkpoint | What it means |
|---|---|
| No authentication prompt | Interface may allow anonymous remote desktop access |
| Outdated Java version | May contain RCE or sandbox escape vulnerabilities |
| Unencrypted traffic | Data can be sniffed on the network |
| Weak access controls | Access from unauthorized networks possible |
| Missing HTTPS | Sessions and credentials transmitted in plaintext |
Mitigation
- Enable Authentication
Require strong passwords for all VNC web interface access. - Use HTTPS
Configure SSL/TLS to encrypt browser sessions. - Update Java Components
Keep all Java runtime and applet files current and secure. - Access Control
Limit exposure with IP whitelisting and internal network restrictions. - Session Security
Enforce session expiration and encryption for all remote desktop sessions. - Modern Alternatives
Replace Java-based access with HTML5-based or native VNC viewers. - Regular Updates
Patch VNC server software and supporting web modules frequently.
TL;DR
- Port 5800 = VNC over web (browser interface)
- Enables remote desktop via Java applet
- High attack surface if exposed externally
- Must enforce authentication and HTTPS
- Java-related RCEs are common
- Use modern, secure alternatives where possible
Known CVEs and Exploits
- CVE-2022-39247 – Authentication bypass in certain VNC web interfaces
- CVE-2021-28109 – RCE via insecure Java applet
- CVE-2020-25137 – Information disclosure vulnerability
- CVE-2019-15681 – VNC web client buffer overflow
- Tools:
vncviewer,nikto,nmap,sslscan,Burp Suite