Notebookcheck

Lenovo's Fingerprint Manager Pro exposed user passwords, security update released

The security flaw only affected Windows 7 / 8/ 8.1 systems. (Source: Lenovo)
The security flaw only affected Windows 7 / 8/ 8.1 systems. (Source: Lenovo)
The fingerprint software vulnerability affects quite a few ThinkPad, ThinkCentre and ThinkStation models that run Windows 7, 8 or 8.1.

Lenovo announced that week that a security vulnerability exposed user login credentials and fingerprint data through the proprietary Fingerprint Manager Pro software. This utility comes with most of Lenovo’s ThinkPad, ThinkCentre and ThinkStation PCs, and its deficient encryption algorithm could be exploited to bypass the fingerprint scanner altogether in order to gain access to the entire system.

On January 25, Lenovo issued a security update with the explanation that the software only affected devices running Windows 7/8/8.1, but not Windows 10, as this version has its own fingerprint manger known as Hello. Lenovo also specified that the vulnerability was exploitable only via local access of the affected device, so hackers could not actually gain remote control of the systems using internet connections. This vulnerability was identified by Jackson Thuraisamy from Security Compass.

It seems like Lenovo knew about this problem for some time, as the vulnerability announcement advises affected users to install version 8.01.87 released on January 12, and still chose to make the situation public only on January 25.

Source(s)

static version load dynamic
Loading Comments
Comment on this article
Please share our article, every link counts!
> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2018 01 > Lenovo's Fingerprint Manager Pro exposed user passwords, security update released
Bogdan Solca, 2018-01-30 (Update: 2018-01-30)
Bogdan Solca
Bogdan Solca - News Editor
I stepped into the wonderous IT&C world when I was around 7. I was instantly fascinated by computerized graphics, be them from games or 3D applications like 3D Max. I like to keep myself up to date with all the new technologies that get released at an ever increasing rate these days. I'm also an avid SciFi reader, an astrophysics aficionado and, as of late, a crypto geek.