Granted access to hardware diagnostics and deep configuration tools. Phase 3: Network Isolation
The alert didn’t scream. It whispered. rapiscan default password
For high-stake security equipment like Rapiscan scanners, failing to change these default credentials poses acute risks: | | Rapiscan AS&E MINI Z (Windows OS)
Without changing the default, anyone with basic knowledge of the machine can gain elevated access. A critical note is that
| Device / Software Context | Default Credentials | Notes & Source | | :--- | :--- | :--- | | | Passwords are provided during training; not published in manuals. | Factory passwords are distributed separately to authorized personnel for security reasons and must be changed during the initial training session. | | Rapiscan AS&E MINI Z (Windows OS) | Username: asepassword | This is the default password for the tablet's Windows operating system account. It should be changed to a confidential password immediately after initial configuration. | | Rapiscan AS&E MINI Z (Application Login) | Username: ScannerUser Password: (none) | This is the default user account for the scanning application. It does not require a password. Access to the underlying Windows OS is blocked from this account. | | Rapiscan TSA TPM-903B (Transportable Portal Monitor) | Password: 1234 | This password is used to access the system's setup menu. A critical note is that, for this specific model, the password is hardcoded to "1234" and cannot be changed . | | Rapiscan 422 B X-ray System | Credentials stored in plaintext. | Security researcher Billy Rios demonstrated that this system stores user credentials in plaintext, a fundamental security weakness. | | Rapiscan AS&E MINI Z (Supervisor Setup) | Auto-login enabled by default. | When shipped from the factory, the system is configured to automatically log in as a supervisor ( SITEADMIN ) without a password for initial setup. This feature should be reconfigured immediately. |