Lenovo’s fingerprint manager left passwords vulnerable
A slew of Lenovo devices have left users’ systems vulnerable to a breach. Fingerprint Manager Pro software installed on any of some three dozen ThinkPad, ThinkCentre or ThinkStation devices apparently features weak encryption that allows someone to bypass the fingerprint scanner and take advantage of a hardcoded password in order to gain access to the system. It also exposes users’ logon credentials and fingerprint data. Lenovo described the vulnerability in a security update and released a patch for the bug last week.
There is some good news. The software was only used on devices running Windows 7, 8 and 8.1. Windows 10 didn’t require the software, so systems using it won’t need an update. Also, the vulnerability couldn’t be exploited via the internet, only with local access, which limits users’ exposure quite a bit.
The patch was released on the 25th. You can get it here along with more information and a list of the affected devices.
Via: Gizmodo
Source: Lenovo
AIVAnet 