The presence of default or easily guessable passwords is not just a theoretical concern. Real-world research has demonstrated how such vulnerabilities can be exploited in Rapiscan equipment.
In the broader cybersecurity landscape, leaving default credentials unchanged on critical infrastructure like X-ray scanners is a significant vulnerability.
The most frequently reported default login for many Rapiscan systems is:
When Rapiscan machines are shipped from the factory, they often come pre-configured with a "default" username and password. These credentials are provided to allow technicians to complete the initial installation, configure network settings, and test functionality.
Some models have certain "backdoor" accounts that cannot be deleted or have passwords changed. For example, the food inspection scanner (used in agricultural security) had a documented hidden account debug with password debugmode that persisted across password changes. Rapiscan released a patch in 2019 to disable this, but many buyers never applied it. rapiscan default password
If you need to access a Rapiscan system and the default credentials are not working, or if you have forgotten the password, follow these steps:
This is not theoretical. In 2021, a European airport suffered a ransomware attack that entered precisely through a baggage scanner maintenance port using default credentials.
The risk extends beyond physical access. For example, the vulnerability, publicly disclosed in January 2025, revealed that the Rapiscan Systems HI-SCAN 6040i Hitrax transmitted user credentials in cleartext over the GIOP protocol. This flaw can allow attackers to capture these unencrypted credentials—including default or unchanged ones—via a man-in-the-middle (MitM) attack, leading to the exposure of sensitive information.
Log in using the current authorized administrative credential. The presence of default or easily guessable passwords
Whether you are a security technician setting up new equipment or an IT administrator securing facility assets, understanding how to handle default passwords on Rapiscan machines is critical to preventing unauthorized access. What is a Rapiscan Default Password?
Rapiscan Systems Website | Request password reset. Request password reset. Rapiscan Systems Website > Request password reset. Rapiscan Systems
The RTT110 is a more complex system, but its diagnostic mode retains a critical flaw. When booting into "Maintenance Mode" (accessed via a hidden key combination during POST), the system drops to a root shell with no password required. If the default OS password was never changed, it remains:
Rapiscan systems generally utilize three default user levels to control access to sensitive functions: The most frequently reported default login for many
In 2019, a security researcher presented findings at DEF CON showing that several airport screening units (including some Rapiscan models) still responded to default credentials. An adversary with physical access to a checkpoint’s network port could:
Leaving a Rapiscan default password in place can violate several regulations:
Ensure only trained, authorized personnel can access the control panel.