Notebookcheck
, , , , , ,
search relation.
, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
 

Lenovo's Fingerprint Manager Pro exposed user passwords, security update released

The security flaw only affected Windows 7 / 8/ 8.1 systems. (Source: Lenovo)
The security flaw only affected Windows 7 / 8/ 8.1 systems. (Source: Lenovo)
The fingerprint software vulnerability affects quite a few ThinkPad, ThinkCentre and ThinkStation models that run Windows 7, 8 or 8.1.
Bogdan Solca,
, , , , , ,
search relation.
, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
 

Lenovo announced that week that a security vulnerability exposed user login credentials and fingerprint data through the proprietary Fingerprint Manager Pro software. This utility comes with most of Lenovo’s ThinkPad, ThinkCentre and ThinkStation PCs, and its deficient encryption algorithm could be exploited to bypass the fingerprint scanner altogether in order to gain access to the entire system.

On January 25, Lenovo issued a security update with the explanation that the software only affected devices running Windows 7/8/8.1, but not Windows 10, as this version has its own fingerprint manger known as Hello. Lenovo also specified that the vulnerability was exploitable only via local access of the affected device, so hackers could not actually gain remote control of the systems using internet connections. This vulnerability was identified by Jackson Thuraisamy from Security Compass.

It seems like Lenovo knew about this problem for some time, as the vulnerability announcement advises affected users to install version 8.01.87 released on January 12, and still chose to make the situation public only on January 25.

Source(s)

static version load dynamic
Loading Comments
Comment on this article
, , , , , ,
search relation.
, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
 
Bogdan Solca
Bogdan Solca - Senior Tech Writer - 1497 articles published on Notebookcheck since 2017
I first stepped into the wondrous IT&C world when I was around seven years old. I was instantly fascinated by computerized graphics, whether they were from games or 3D applications like 3D Max. I'm also an avid reader of science fiction, an astrophysics aficionado, and a crypto geek. I started writing PC-related articles for Softpedia and a few blogs back in 2006. I joined the Notebookcheck team in the summer of 2017 and am currently a senior tech writer mostly covering processor, GPU, and laptop news.
contact me via: Facebook
Please share our article, every link counts!
> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2018 01 > Lenovo's Fingerprint Manager Pro exposed user passwords, security update released
Bogdan Solca, 2018-01-30 (Update: 2018-01-30)