Lenovo’s Fingerprint Scanner Has a Hardcoded Password – Install Fix ASAP

Rafia Shaikh

Lenovo Fingerprint Scanner can be bypassed using a hardcoded password, the company has warned. An attacker with local, non-admin access can potentially use a Local Privilege Escalation vulnerability (tracked as CVE-2017-3762) to bypass fingerprint authentication and get access to sensitive data, including Windows login information.

In a security advisory, the company said that it is delivering updates for the fingerprint scanner app that is shipped with ThinkPad, ThinkCentre, and ThinkStation series. "A vulnerability has been identified in Lenovo Fingerprint Manager Pro," Lenovo said, adding that sensitive data is accessible to all users with local access.


"Sensitive data stored by Lenovo Fingerprint Manager Pro, including users’ Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system it is installed in."

Lenovo fixes hardcoded password flaw - impacted ThinkPad and other systems

The flaw is rated high severity, and Lenovo said that users need to install version 8.01.87 to fix these critical security issues. Everyone who is running Lenovo Fingerprint Manager Pro for Windows 7, 8, and 8.1 is affected. As for the machines, the following Lenovo systems are at risk:

  • ThinkPad L560
  • ThinkPad P40 Yoga, P50s
  • ThinkPad T440, T440p, T440s, T450, T450s, T460, T540p, T550, T560
  • ThinkPad W540, W541, W550s
  • ThinkPad X1 Carbon (Type 20A7, 20A8), X1 Carbon (Type 20BS, 20BT)
  • ThinkPad X240, X240s, X250, X260
  • ThinkPad Yoga 14 (20FY), Yoga 460
  • ThinkCentre M73, M73z, M78, M79, M83, M93, M93p, M93z
  • ThinkStation E32, P300, P500, P700, P900

The company has credited Jackson Thuraisamy, a senior security consultant with Security Compass, for finding and disclosing this high severity security flaw affecting the fingerprint scanner. Users can download Fingerprint Manager Pro version 8.01.87 or later from Lenovo and update their installation. More details about this security vulnerability are available in Lenovo's security advisory.
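
For administrators who need to find machines still below the fixed version, the following PowerShell check is an added example, not code from Lenovo or from the original article. It assumes the product registers an uninstall entry whose `DisplayName` contains "Fingerprint Manager Pro"; that name pattern and the function names are assumptions to adjust for your fleet.

```powershell
# Added example: report Lenovo Fingerprint Manager Pro installs older than
# the fixed version (8.01.87) named in the advisory.
# Assumption: the uninstall entry's DisplayName contains
# "Fingerprint Manager Pro"; change $NamePattern if your fleet differs.
$FixedVersion = [version]'8.01.87'          # parsed as 8.1.87
$NamePattern  = '*Fingerprint Manager Pro*'

# Standard per-machine uninstall locations (64-bit and 32-bit views).
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Test-AffectedOs {
    # The article lists Windows 7, 8 and 8.1 as affected: NT 6.1, 6.2, 6.3.
    $os = [System.Environment]::OSVersion.Version
    return ($os.Major -eq 6 -and $os.Minor -ge 1 -and $os.Minor -le 3)
}

function Get-FingerprintManagerStatus {
    $entries = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $NamePattern }

    foreach ($entry in $entries) {
        $parsed = $null
        $ok = [version]::TryParse([string]$entry.DisplayVersion, [ref]$parsed)

        [pscustomobject]@{
            Computer    = $env:COMPUTERNAME
            Name        = $entry.DisplayName
            Version     = $entry.DisplayVersion
            AffectedOs  = Test-AffectedOs
            # A version that cannot be parsed is flagged for review, not treated as safe.
            NeedsUpdate = (-not $ok) -or ($parsed -lt $FixedVersion)
        }
    }
}

Get-FingerprintManagerStatus | Format-Table -AutoSize
```

No output means no matching uninstall entry was found on that machine; rows with `NeedsUpdate` set to `True` should be updated to 8.01.87 or later.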


About the author: Rafia joined Wccftech in 2012 as a tech reporter. She is currently working on stories focusing on people and technologies that are turning Microsoft into a “company to watch” again. She is also responsible for collaborating with tech makers and e-commerce platforms to bring annoying but tempting deals to our readers.
