Before we discuss passwords, it is vital to understand the variety of systems involved. Rapiscan produces several product families, each with its own operating system and authentication method:
Some models have certain "backdoor" accounts that cannot be deleted or have passwords changed. For example, the Rapiscan 632DV food inspection scanner (used in agricultural security) had a documented hidden account debug with password debugmode that persisted across password changes. Rapiscan released a patch in 2019 to disable this, but many buyers never applied it.
Based on leaked service manuals, reverse engineering reports, and vulnerability disclosures from the past decade, the most frequently cited Rapiscan default passwords fall into several categories:
| Role / Access Level | Common Username | Common Default Password | Notes |
|---------------------|----------------|------------------------|-------|
| Operator (Basic scan review) | operator | ops or pass | Often no password at all on older units. |
| Supervisor (Image storage, threat image projection) | supervisor | super123 or 9999 | Widely documented on 600-series X-ray units. |
| Administrator / Service (Full system control, calibration) | admin | admin | The most dangerous default. |
| Service Engineer | service | service or 0000 | Grants access to X-ray power adjustments. |
| Windows Embedded Login | Administrator | rapiscan or P@ssw0rd | Since many run Windows, the OS password is often weak. |
| Web Interface (older models) | root | root or rtt | For network-enabled management portals. |
| Rapiscan 632DV (specific) | user | user | Documented in 2015 ICS-CERT advisory. |
Critical Note: Rapiscan frequently changes defaults for different product lines and firmware versions. One of the most infamous default passwords—rumored in security circles but never officially confirmed—was a hardcoded backdoor: rapiscan with no username. However, modern units (post-2018) typically force password changes during initial commissioning.
Under the Aviation and Transportation Security Act (USA) and EU Regulation 300/2008, failing to change default passwords on security equipment can result in fines or revocation of security clearance.
By: Security & Infrastructure Team
The RTT110 is a more complex system, but its diagnostic mode retains a critical flaw. When booting into "Maintenance Mode" (accessed via a hidden key combination during POST), the system drops to a root shell with no password required. If the default OS password was never changed, it remains:
The phrase "Rapiscan default password" should not be a guilty secret whispered at security conferences. It is a known, documented vulnerability with a simple fix. The default passwords—rapiscan/rapiscan, service/service, root/rtt110—are not dangerous by themselves. What is dangerous is the assumption that physical isolation or operational convenience justifies leaving them intact.
Every day that a Rapiscan system operates with factory credentials is a day that the security of your checkpoint, your baggage hold, or your border crossing is at the mercy of the first curious employee or compromised USB drive that comes along.
Your action plan for tomorrow morning:
The terrorists, smugglers, and cybercriminals already know the default passwords. Now you do too. The only remaining question: will you act on that knowledge?
This article is for educational and defensive security purposes. Unauthorized access to Rapiscan systems is a federal crime under 18 U.S.C. § 1030 (Computer Fraud and Abuse Act) and may violate TSA regulations. Always coordinate with your security manager and Rapiscan support team before making credential changes.
Understanding Rapiscan Default Passwords: A Security Guide Rapiscan Systems provides critical security screening equipment used globally in airports, government buildings, and high-security checkpoints. Managing access to these machines is a vital part of maintaining operational integrity. For many systems, finding or resetting the Rapiscan default password is the first step for new administrators or when troubleshooting older units. The Importance of Secure Access
Default passwords are intended for the initial setup of a device. However, in the high-stakes environment of security screening, leaving these default credentials unchanged creates a significant vulnerability. For most modern Rapiscan equipment, the manufacturer does not provide a universal "default" password in publicly accessible manuals to prevent unauthorized access. Instead, they require users to Contact Rapiscan Systems Support or their authorized supplier to obtain unique login credentials. Common Login Procedures for Rapiscan Systems
Accessing a Rapiscan X-ray system generally involves a multi-step login process tailored to the user's role—typically categorized as Screener (formerly Operator) or Supervisor (formerly Administrator).
Primary Viewing Station (PVS): When the system boots up, a login dialog appears. Users must tap the User ID and Password fields to enter their credentials.
Case Sensitivity: Note that User IDs and Passwords on most Rapiscan systems are case-sensitive.
Expired Passwords: If the system indicates that a "User password has expired," you must create a new one that meets the manufacturer's complexity requirements.
Administrator Controls: For software like the OMNIC Paradigm interface often used with screening equipment, the default password is often simply "Password", but this must be changed immediately upon installation. Managing and Resetting Credentials
If you have forgotten your password or are locked out, Rapiscan provides several paths for recovery:
Member Portal: Authorized users can Request a Password Reset via the Rapiscan Systems website by providing their registered email address.
Knowledge Base: The Rapiscan KB Forgot Password page is another resource for verified account holders to regain access.
Remote Support: Rapiscan offers remote login capabilities to troubleshoot systems "live," which can include helping with access issues if local administrators are unable to log in. Security Best Practices for X-Ray Systems rapiscan default password
To ensure your facility remains secure, follow these essential guidelines for credential management:
[Research] IT admins are using weak passwords too - Outpost24
In security systems like those from Rapiscan Systems , default passwords are part of the initial configuration used by technicians and operators during setup or maintenance. While specific models (like the 600 Series
) have their own unique interfaces, the following general principles apply to Rapiscan equipment. Common Default Credentials
Most professional screening equipment uses a hierarchical access system. While Rapiscan does not publicly list a "universal" password for security reasons, standard industry defaults for such hardware often include: Blank Passwords
: Some older or base-level configurations may have the password field left empty by default. Create a New Password for Zosi DVR - Zosi Support Access Levels
Rapiscan systems typically categorize users into three main levels to ensure operational integrity:
: Basic access for running scans and using standard image manipulation tools. Supervisor
: Mid-level access for managing user IDs, reviewing logs, and adjusting basic sensitivity settings. Technician/Service
: High-level access for calibration, system diagnostics, and hardware configuration. Installation and Operating Manual Metor 6M - Quadient How to Manage or Reset Passwords
If the default credentials do not work or have been changed, you should follow these recovery steps: Consult the Manual : Each unit (e.g., the 600 Series ) comes with a proprietary Operator or Maintenance Manual
that contains the specific access codes assigned at the factory. Reset via Hardware
: Some portable or walk-through models have physical reset buttons or internal jumpers to restore factory defaults. Official Support : For sensitive equipment, it is recommended to contact Rapiscan Systems Global Support EMEA Help Desk for a secure reset. Security Best Practice
The alert didn’t scream. It whispered.
That was the first thing Jamal noticed when he walked into the National Cargo Screening Hub at 6:47 on a Tuesday morning. The main Rapiscan 620XR—a million-dollar X-ray behemoth designed to peer through shipping containers like they were made of cellophane—was supposed to blare a steady green "System Ready" tone. Instead, it hummed a low, mournful B-flat.
Jamal, the night shift lead, had already pulled two doubles. His coffee was cold. His patience was thinner than the steel the machine was supposed to see through. He slumped into the operator’s chair and tapped the touchscreen.
LOGIN REQUIRED
He snorted. The day shift guy, Kevin, always forgot to log out. Jamal drummed his fingers. What was the default again? He’d trained on these machines five years ago at a Rapiscan facility in Virginia. The instructor—a chain-smoking ex-TSA guy named Gerry—had laughed about it.
“They ship these things out of the factory with the same keys, same passwords, same everything,” Gerry had said. “admin / admin. Or if it’s the older firmware, ‘service’ with a blank password. Don’t lose it, kid. It’s the skeleton key to the kingdom.”
Jamal typed: admin
Password: admin
The screen flickered. ACCESS GRANTED: ADMINISTRATOR.
He didn’t think about it. He just wanted the hum to stop. He navigated to the diagnostic panel, cleared the "Generator Temperature Anomaly" warning, and rebooted the X-ray tube. The hum flattened into silence, then resolved into the proper green tone. Before we discuss passwords, it is vital to
Fixed, he thought, and went back to reviewing the night’s log.
Three hundred miles away, in a dimly lit apartment in Baltimore, a 22-year-old named Mara was doing something far less noble. She’d found a PDF on a public cybersecurity forum: “Industrial Control Default Credentials – 2024 Edition.” She was looking for water treatment plants (boring) or power grids (too obvious). But line 47 caught her eye.
Device: Rapiscan Systems Cargo X-Ray (Models 6XX, 9XX series)
Default Web Interface Port: 8443
Username: service
Password: [blank]
She had a cheap Python script that scanned for open port 8443 on random IP ranges. It took eleven minutes.
Target found: 204.112.87.204
She typed the IP into a browser. A login box appeared. Username: service. Password: [blank] .
She was in.
The interface was gorgeous. A live feed of the conveyor belt. A control panel with "Generator Power," "Conveyor Speed," "Image Gain," and "Historical Scan Archive." She wasn’t a terrorist. She wasn’t even a thief. She was just curious—and angry. Her cousin’s small shipping business had been ruined last year when customs flagged a container for "anomalous density" that turned out to be nothing but stacked yoga mats. The Rapiscan had false-positives. The system was a joke.
She clicked HISTORICAL SCAN ARCHIVE.
And froze.
The most recent scan—timestamped 06:52 AM today—showed a shipping container. But the operator had been sloppy. The contrast was cranked too low. The image was washed out. Mara adjusted the gain remotely. She cranked the DENSITY ALGORITHM to maximum.
The yoga mats faded. And something else appeared.
Sandwiched between two layers of lead sheeting (a classic shield) was a dense, rectangular mass. Organic. Uniform. Not metal. Not plastic.
Mara’s heart stopped. She knew that shape. She’d seen it in a documentary about nuclear smuggling.
HEU. Highly Enriched Uranium.
She pulled up the manifest. The container was labeled "RECYCLED RUBBER GRANULES – ORIGIN: PORT OF NEWARK – DESTINATION: ROTTERDAM."
She zoomed in on the operator ID. Jamal Reese.
She could see his login session. Still active. Still admin/admin.
Mara had two choices: close the browser and pretend she saw nothing, or do the one thing the Rapiscan manual never mentioned.
She opened a chat window on the machine’s internal messaging system—another feature the default password unlocked. She typed a single line to Operator ID JREESE:
"Jamal. Change your password. Then look at container 447-BRAVO again. You missed the lead liner."
In the cargo hub, Jamal choked on his cold coffee. A message appeared on his screen—from the machine itself. No, from someone inside the machine.
He stared at the scan. Adjusted the gain. " "Conveyor Speed
The yoga mats turned translucent. The lead sheeting glared white. And behind it, the dark, terrible rectangle of something that should never be in a rubber-granules shipment.
His finger trembled over the EMERGENCY STOP button.
And then, very quietly, he reached for the admin menu. He navigated to Change Password.
He typed something long. Random. Unguessable.
But as he hit save, a new message appeared on the screen—from Mara, still inside his system.
"Too late, Jamal. I already sent the screenshot to the FBI’s tip line. You’ve got about ten minutes. Use them wisely."
The machine hummed its steady green tone. But for the first time, Jamal realized the real vulnerability wasn’t the X-ray tube. It wasn’t the firmware. It was the tiny, lazy, human choice to leave the door unlocked.
And somewhere in the cargo hold, container 447-BRAVO sat silently, waiting for a driver who would never arrive.
For security reasons, standard default passwords for high-security equipment like Rapiscan Systems are not publicly disclosed and are typically set by the administrator during initial installation. Review of Rapiscan Systems X-Ray Scanners
Rapiscan is a leading provider of security screening technology, widely used in aviation, military, and correctional facilities.
Detection Capabilities: The systems utilize dual-energy detection to provide automatic color coding of materials, helping operators distinguish between organic (orange), mixed (green), and inorganic (blue) substances.
Ease of Use: Many models, such as the 600 series, feature ergonomic designs and standardized software platforms (OS600) to simplify operator training and maintenance.
Safety & Compliance: Systems like the Secure 1000 use backscatter technology that exceeds global health standards for radiation safety.
Reliability: Backed by a global support network (OSI Systems), Rapiscan offers 24/7 technical assistance and spare parts availability. Troubleshooting & Support
If you have lost access to a Rapiscan system, use the following official resources: Rapiscan Systems Website | Request password reset
Rapiscan Systems Website | Request password reset. Request password reset. Rapiscan Systems Website > Request password reset. Rapiscan Systems
Global Support - Services and Information - Rapiscan Systems
The default password reported for some older Rapiscan baggage x-ray machines is 344. However, modern Rapiscan equipment typically requires a specific user ID and password provided by the manufacturer or authorized supplier during setup.
If you have forgotten your password or the default does not work, Rapiscan provides several official support channels:
Customer Support: You can request a password reset directly through the Rapiscan Systems Website.
Knowledge Base: A dedicated portal is available at kb.rapiscansystems.com for additional troubleshooting.
Manuals: Many newer systems, such as the 920CT or RapidScan Reader, emphasize that users must contact their supplier to obtain or reset credentials. Rapiscan Systems Website | Request password reset
Rapiscan Systems Website | Request password reset. Request password reset. Rapiscan Systems Website > Request password reset. Rapiscan Systems
