Lenovo's Fingerprint Manager Pro exposed user passwords, security update released

The security flaw only affected Windows 7 / 8/ 8.1 systems. (Source: Lenovo)

The fingerprint software vulnerability affects quite a few ThinkPad, ThinkCentre and ThinkStation models that run Windows 7, 8 or 8.1.

Bogdan Solca, Published 01/30/2018

Lenovo announced that week that a security vulnerability exposed user login credentials and fingerprint data through the proprietary Fingerprint Manager Pro software. This utility comes with most of Lenovo’s ThinkPad, ThinkCentre and ThinkStation PCs, and its deficient encryption algorithm could be exploited to bypass the fingerprint scanner altogether in order to gain access to the entire system.

On January 25, Lenovo issued a security update with the explanation that the software only affected devices running Windows 7/8/8.1, but not Windows 10, as this version has its own fingerprint manger known as Hello. Lenovo also specified that the vulnerability was exploitable only via local access of the affected device, so hackers could not actually gain remote control of the systems using internet connections. This vulnerability was identified by Jackson Thuraisamy from Security Compass.

It seems like Lenovo knew about this problem for some time, as the vulnerability announcement advises affected users to install version 8.01.87 released on January 12, and still chose to make the situation public only on January 25.

Source(s)

Lenovo

"123456" and "password" are officially 2018's worst passwords 12/16/2018

The new Lenovo smartphone is expected to offer an impressive screen-to-body ratio. (Source: Weibo)

Lenovo developing new flagship smartphone 05/09/2018

The 100e is the only model not to feature the 2-in-1 design among the three new Chromebooks. (Source: Lenovo)

Lenovo's 100e/300e/500e Chromebooks are some of the toughest devices at MWC 02/26/2018

The Lenovo 100e is a low-cost Chromebook competitor for the classroom. (Source: Lenovo)

Lenovo introduces four new Windows 10 education notebooks starting at US$219 01/23/2018

The G6 is expected to cost around US$240. (Source: Droid Life)

Lenovo Moto G6 lineup leaks out 01/17/2018

Portable Lenovo Thunderbolt 3 dock integrates a GTX 1050 GPU (Source: Lenovo)

Portable Lenovo Thunderbolt 3 dock integrates a GTX 1050 GPU 01/12/2018

Lenovo Mirage Solo plus controller and Mirage Camera. (Source: Lenovo)

Get lost in a mirage with the wireless Lenovo Mirage Solo VR headset and Mirage Camera 01/09/2018

Lenovo ThinkPad X1 Carbon finally coming with Kaby Lake-R options (Source: Lenovo)

Lenovo ThinkPad X1 Carbon coming with HDR and Kaby Lake-R options 01/09/2018

Loading Comments

Comment on this article

Microsoft acquires cloud-connected ...

Samsung launches 800 GB ultra-low l...

Bogdan Solca - Senior Tech Writer - 2253 articles published on Notebookcheck since 2017

I first stepped into the wondrous IT&C world when I was around seven years old. I was instantly fascinated by computerized graphics, whether they were from games or 3D applications like 3D Max. I'm also an avid reader of science fiction, an astrophysics aficionado, and a crypto geek. I started writing PC-related articles for Softpedia and a few blogs back in 2006. I joined the Notebookcheck team in the summer of 2017 and am currently a senior tech writer mostly covering processor, GPU, and laptop news.

contact me via: Facebook

Please share our article, every link counts!

> Expert Reviews and News on Laptops, Smartphones and Tech Innovations > News > News Archive > Newsarchive 2018 01 > Lenovo's Fingerprint Manager Pro exposed user passwords, security update released

Bogdan Solca, 2018-01-30 (Update: 2018-01-30)

Lenovo's Fingerprint Manager Pro exposed user passwords, security update released

Source(s)

Related Articles