Service:
vnc
Protocol:
TCPPort:
5900Used for:
Virtual Network Computing remote desktop accessWhy It’s Open
Port 5900 is the default port for Virtual Network Computing (VNC), a protocol that enables remote graphical desktop access using the Remote Framebuffer (RFB) protocol. It allows users to interact with a remote system’s GUI over a network.
Organizations rely on VNC for remote administration, IT support, remote work, and educational lab management, especially where lightweight remote desktop solutions are needed across platforms.
Common Risks
- Weak Authentication
Many VNC servers use default or easily guessable passwords. - Unencrypted Sessions
VNC sends all screen and input data in plaintext by default. - Brute Force Attacks
No built-in rate-limiting; attackers can guess passwords freely. - Screen Scraping
Attacks may capture sensitive data directly from the display. - Keyboard Logging
Keystrokes, including credentials, may be captured in plaintext. - No IP Filtering
Often lacks source restrictions or proper firewalling. - Version-specific Exploits
Exposed VNC versions may be vulnerable to known RCE bugs.
Want to save time on reporting?
Let PentestPad generate, track, and export your reports - automatically.
Enumeration & Testing
Basic port scan:
nmap -sV -p 5900Authentication and info test:
nmap -sV -p 5900 --script vnc-info,vnc-authConnect to target:
vncviewer :5900Brute force test:
hydra -s 5900 -P /path/to/wordlist vncWhat to Look For
| Checkpoint | What it means |
|---|---|
| No authentication | Remote desktop accessible without credentials |
| Weak encryption | Traffic can be intercepted and replayed |
| Default VNC password | Easy to guess or publicly known |
| Missing access controls | No IP-based restrictions in place |
| Version information exposed | May aid attackers in targeting specific exploits |
Mitigation
- Strong Authentication
Enforce strong, unique passwords and use 2FA if supported. - Encrypt Connections
Tunnel VNC over SSH or VPN to secure traffic. - Access Control
Restrict port 5900 access using firewall rules or IP whitelisting. - Update Software
Regularly patch the VNC server to close known vulnerabilities. - Session Security
Enable logging, timeout sessions, and limit concurrent users. - Use Secure Alternatives
Replace legacy VNC with RDP, TeamViewer, or AnyDesk for enhanced security. - Change the Default Port
Using a non-standard port reduces exposure to automated scans.
TL;DR
- Port 5900 = VNC remote desktop protocol
- Used for remote GUI access
- Unencrypted by default, vulnerable to sniffing
- Easy target for brute force and credential reuse attacks
- Needs SSH/VPN tunneling, auth hardening, and network restrictions
Known CVEs and Exploits
- CVE-2023-1547 – Authentication bypass in VNC server
- CVE-2022-4285 – Buffer overflow in RFB protocol
- CVE-2021-41064 – RCE via crafted VNC client messages
- CVE-2020-25791 – Password bypass vulnerability
- Tools:
vncviewer,nmap,hydra,vnccrack,vncscan