Rapiscan Default Password

Operator/Admin Login: Accessing the software interface of an X-ray scanner (like the 600 series) to perform daily inspections or adjust settings.

  • The Flaw: The system contained a user account named guest with a default, hardcoded password (0day or similar variations depending on the specific firmware version).
  • The Impact: Despite the innocuous name "guest," this account was not restricted. It provided access to the system's internal settings. A malicious actor with network access to the machine could log in and alter the X-ray generator's parameters.
  • The Consequence: The danger was not just data theft; it was physical harm. An attacker could manipulate the scanner to generate higher radiation levels than intended, potentially causing radiation burns to unsuspecting passengers or staff, or conversely, reduce sensitivity to allow contraband to pass through undetected.

2. The RTT110 (EDS) – Linux Backend

The RTT110 is a more complex system, but its diagnostic mode retains a critical flaw. When booting into "Maintenance Mode" (accessed via a hidden key combination during POST), the system drops to a root shell with no password required. If the default OS password was never changed, it remains: rapiscan default password

  • Fear of Lockout: Rapiscan does not offer a simple "forgot password" recovery. If an unauthorized staff member changes the password and then quits, the machine may become a $100,000 brick until a factory technician visits—costing days of downtime.
  • Frequent Technician Access: Rapiscan field engineers often request that default passwords remain active so they can perform rapid diagnostics without calling a supervisor for credentials every time.
  • Air-Gap Fallacy: Many security managers believe that because the X-ray machine is not connected to the internet (air-gapped), passwords don’t matter. However, USB drives (carrying malware or hacking tools) are frequently plugged in to update threat image libraries (TIP).

Changing the Default Password: Once you've accessed the device using the default password, it's crucial to change it to a strong, unique password. This new password should be a combination of letters, numbers, and special characters, and it should not be easily guessable.
