Rapiscan Default Password Link

This system, famous for its "naked scanner" controversy, runs a proprietary OS but includes a service terminal via RS-232 serial port. The default credentials for the service interface are:

Based on leaked service manuals, reverse engineering reports, and vulnerability disclosures from the past decade, the most frequently cited Rapiscan default passwords fall into several categories:

| Role / Access Level | Common Username | Common Default Password | Notes | |---------------------|----------------|------------------------|-------| | Operator (Basic scan review) | operator | ops or pass | Often no password at all on older units. | | Supervisor (Image storage, threat image projection) | supervisor | super123 or 9999 | Widely documented on 600-series X-ray units. | | Administrator / Service (Full system control, calibration) | admin | admin | The most dangerous default. | | Service Engineer | service | service or 0000 | Grants access to X-ray power adjustments. | | Windows Embedded Login | Administrator | rapiscan or P@ssw0rd | Since many run Windows, the OS password is often weak. | | Web Interface (older models) | root | root or rtt | For network-enabled management portals. | | Rapiscan 632DV (specific) | user | user | Documented in 2015 ICS-CERT advisory. | rapiscan default password

Critical Note: Rapiscan frequently changes defaults for different product lines and firmware versions. One of the most infamous default passwords—rumored in security circles but never officially confirmed—was a hardcoded backdoor: rapiscan with no username. However, modern units (post-2018) typically force password changes during initial commissioning.

A: Most models have a physical jumper or button on the mainboard that resets credentials to factory defaults. This requires opening the chassis and usually voids the warranty if done improperly. Contact Rapiscan support. This system, famous for its "naked scanner" controversy,

The RTT110 is a more complex system, but its diagnostic mode retains a critical flaw. When booting into "Maintenance Mode" (accessed via a hidden key combination during POST), the system drops to a root shell with no password required. If the default OS password was never changed, it remains:

  • Change or disable:
  • Create a dedicated service account with a strong password and log all access.

    • Perform quarterly penetration tests that specifically check for default credentials. Many commercial scanning tools (Nessus, OpenVAS) have plugins to test Rapiscan default passwords. A: Most models have a physical jumper or

    For organizations currently operating Rapiscan or similar scanning equipment, the review of this topic yields several actionable takeaways:

    If you are responsible for Rapiscan equipment, perform this audit immediately.

    Southern Hollow © 2026