Lenovo’s Fingerprint Scanner Can Be Bypassed via a Hardcoded Password[bleepingcomputer]

by CIRT Team

Lenovo has issued security updates for a fingerprint scanner app it shipped with ThinkPad, ThinkCentre, and ThinkStation machines.

Fingerprint Manager Pro is an application developed by Lenovo that allows users to log into Windows machines and online websites by scanning one of their fingerprints using the fingerprint scanner embedded in selected Lenovo products.

“A vulnerability has been identified in Lenovo Fingerprint Manager Pro,” said Lenovo in a security advisory published last week.

“Sensitive data stored by Lenovo Fingerprint Manager Pro, including users’ Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system it is installed in,” the company said.

What this means is that an attacker could take advantage of the hardcoded password to bypass fingerprint authentication, and even decrypt existing Windows logon credentials and fingerprint data.

Update made available last week

Lenovo Fingerprint Manager Pro for Windows 7, 8, and 8.1 versions are affected. Lenovo has published version 8.01.87 that fixes the said problem.

For more, click here.

CIRT Team

Recommended Posts

Training on cybersecurity awareness for Department of Women Affairs

25 Nov 2023 - Articles, English articles, News, News Clipping, Service

BGD e-GOV CIRT এর আয়োজনে আয়োজনে আর্থিক প্রতিষ্ঠান ও CII সমূহের সাইবার ড্রিল ২০২৩ চূড়ান্ত পর্ব অনুষ্ঠিত

22 Oct 2023 - Articles, Bangla Articles, CIRT In Media, News, News Clipping

WhatsApp down for millions of users globally: App not working for group and individual chats; Twitter gets flooded with memes

25 Oct 2022 - News, News Clipping