Jackson Thuraisamy from Security Compass identified a vulnerability in Lenovo Fingerprint Manager Pro on Windows 7, 8, and 8.1. Sensitive data stored by Lenovo Fingerprint Manager Pro, including users' Windows login credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system it is installed on.
The fingerprint manager is used to log in to Lenovo computers equipped with a fingerprint reader. The vulnerability does not affect Windows 10 users, so if you’ve updated to 10 you should be clear. Windows 7, 8, and 8.1 users are advised to update their Lenovo software to version 8.01.87 or later, which removes the vulnerability. Here is a list of Lenovo computers that may be affected, noting again that Windows 10 users are NOT affected. Windows 10 systems do not use the Lenovo Fingerprint Manager Pro software but instead use Microsoft’s built-in fingerprint reader support.
- ThinkPad L560
- ThinkPad P40 Yoga, P50s
- ThinkPad T440, T440p, T440s, T450, T450s, T460, T540p, T550, T560
- ThinkPad W540, W541, W550s
- ThinkPad X1 Carbon (Type 20A7, 20A8), X1 Carbon (Type 20BS, 20BT)
- ThinkPad X240, X240s, X250, X260
- ThinkPad Yoga 14 (20FY), Yoga 460
- ThinkCentre M73, M73z, M78, M79, M83, M93, M93p, M93z
- ThinkStation E32, P300, P500, P700, P900
We’d recommend going a step further and updating your Windows 7, 8, and 8.1 system to Windows 10. Of course, the opportunity to get a free Windows 10 upgrade is gone, but it is a much better OS than the previous iterations. For now, a simple update of the Lenovo software will keep you protected.
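For anyone checking more than one machine, here is a PowerShell check against the fixed version 8.01.87. It is an added example, not code from Lenovo or Security Compass. The `DisplayName` pattern and the function name `Get-FmpStatus` are assumptions; adjust the pattern to what your systems show under installed programs.

```powershell
# Fixed release named in the advisory. [version] parses '8.01.87' as 8.1.87,
# so the comparison is numeric per component, not a string compare.
$FixedVersion = [version]'8.01.87'

# ASSUMPTION: the product registers an uninstall entry whose DisplayName
# contains this text. Change it to match your installed-programs list.
$NamePattern = '*Fingerprint Manager Pro*'

# Hypothetical helper: classify one DisplayVersion string.
function Get-FmpStatus {
    param([string]$InstalledVersion)
    if ([string]::IsNullOrEmpty($InstalledVersion)) { return 'Unknown' }
    try   { $v = [version]$InstalledVersion }
    catch { return 'Unknown' }   # value is not a dotted numeric version
    if ($v -ge $FixedVersion) { 'Patched' } else { 'NeedsUpdate' }
}

# Native and 32-bit-on-64-bit uninstall keys; a missing path is ignored.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$found = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like $NamePattern }

if (-not $found) {
    Write-Output 'Lenovo Fingerprint Manager Pro not found in the uninstall registry.'
} else {
    foreach ($app in $found) {
        # One record per matching entry, suitable for Export-Csv.
        New-Object PSObject -Property @{
            Computer = $env:COMPUTERNAME
            Name     = $app.DisplayName
            Version  = $app.DisplayVersion
            Status   = Get-FmpStatus $app.DisplayVersion
        }
    }
}
```

The script sticks to PowerShell 2.0 syntax so it runs on a stock Windows 7 install. A status of `Unknown` means the version string could not be parsed and the machine should be checked by hand.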
What do you think of this vulnerability? Do you have a Lenovo system that is affected? Did you know about this vulnerability already? Have you updated? Let us know by leaving your comments down below, or on Google+, Twitter, or Facebook.

Source: Lenovo