Fingerprint Manager Pro is a utility for Microsoft Windows 7, 8 together with 8.1 operating systems that allows users to log into their fingerprint-enabled Lenovo PCs using their fingers. The software could likewise hold out configured to shop website credentials together with authenticate site via fingerprint.
In add-on to fingerprint data, the software likewise stores users sensitive information similar their Windows login credentials—all of which are encrypted using a weak cryptography algorithm.
According to the company, Fingerprint Manager Pro version 8.01.86 together with before contains a hard-coded password vulnerability, identified equally CVE-2017-3762, that made the software accessible to all users amongst local non-administrative access.
"Sensitive information stored yesteryear Lenovo Fingerprint Manager Pro, including users’ Windows logon credentials together with fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, together with is accessible to all users amongst local non-administrative access to the organization it is installed in," the society said inward its advisory, giving brief nearly the vulnerability.
Here's the amount listing of Lenovo devices compatible amongst Fingerprint Manager Pro together with impacted yesteryear the vulnerability:
- ThinkPad L560
- ThinkPad P40 Yoga, P50s
- ThinkPad T440, T440p, T440s, T450, T450s, T460, T540p, T550, T560
- ThinkPad W540, W541, W550s
- ThinkPad X1 Carbon (Type 20A7, 20A8), X1 Carbon (Type 20BS, 20BT)
- ThinkPad X240, X240s, X250, X260
- ThinkPad Yoga xiv (20FY), Yoga 460
- ThinkCentre M73, M73z, M78, M79, M83, M93, M93p, M93z
- ThinkStation E32, P300, P500, P700, P900
Lenovo has credited safety researcher Jackson Thuraisamy amongst Security Compass for discovering together with responsibly reporting the vulnerability.
The pop Chinese figurer manufacturer strongly recommends its ThinkPad customers to update their devices to Fingerprint Manager Pro version 8.01.87 or after to address the issue. You tin likewise caput on to the company's official website to create so.
Since Microsoft added native fingerprint reader back upwardly amongst Windows 10 operating system, therefore eliminating the necessitate for the Fingerprint Manager Pro software, Lenovo laptops running Windows 10 are non impacted yesteryear the vulnerability.
