-->
Hard-Coded Password Lets Attackers Bypass Lenovo's Fingerprint Scanner

Hard-Coded Password Lets Attackers Bypass Lenovo's Fingerprint Scanner

Hard-Coded Password Lets Attackers Bypass Lenovo's Fingerprint Scanner

 Lenovo has of late rolled out safety patches for a severe vulnerability inward its Fingerp Hard-coded Password Lets Attackers Bypass Lenovo's Fingerprint Scanner
Lenovo has of late rolled out safety patches for a severe vulnerability inward its Fingerprint Manager Pro software that could permit leak sensitive information stored yesteryear the users.

Fingerprint Manager Pro is a utility for Microsoft Windows 7, 8 together with 8.1 operating systems that allows users to log into their fingerprint-enabled Lenovo PCs using their fingers. The software could likewise hold out configured to shop website credentials together with authenticate site via fingerprint.

In add-on to fingerprint data, the software likewise stores users sensitive information similar their Windows login credentials—all of which are encrypted using a weak cryptography algorithm.

According to the company, Fingerprint Manager Pro version 8.01.86 together with before contains a hard-coded password vulnerability, identified equally CVE-2017-3762, that made the software accessible to all users amongst local non-administrative access.

"Sensitive information stored yesteryear Lenovo Fingerprint Manager Pro, including users’ Windows logon credentials together with fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, together with is accessible to all users amongst local non-administrative access to the organization it is installed in," the society said inward its advisory, giving brief nearly the vulnerability.
The vulnerability impacts Lenovo ThinkPad, ThinkCentre together with ThinkStation laptops, together with affects to a greater extent than than 2 dozen Lenovo ThinkPad models, 5 ThinkStation Models together with viii ThinkCentre models that run Windows 7, 8 together with the 8.1 operating systems.

Here's the amount listing of Lenovo devices compatible amongst Fingerprint Manager Pro together with impacted yesteryear the vulnerability:

  • ThinkPad L560
  • ThinkPad P40 Yoga, P50s
  • ThinkPad T440, T440p, T440s, T450, T450s, T460, T540p, T550, T560
  • ThinkPad W540, W541, W550s
  • ThinkPad X1 Carbon (Type 20A7, 20A8), X1 Carbon (Type 20BS, 20BT)
  • ThinkPad X240, X240s, X250, X260
  • ThinkPad Yoga xiv (20FY), Yoga 460
  • ThinkCentre M73, M73z, M78, M79, M83, M93, M93p, M93z
  • ThinkStation E32, P300, P500, P700, P900

Lenovo has credited safety researcher Jackson Thuraisamy amongst Security Compass for discovering together with responsibly reporting the vulnerability.

The pop Chinese figurer manufacturer strongly recommends its ThinkPad customers to update their devices to Fingerprint Manager Pro version 8.01.87 or after to address the issue. You tin likewise caput on to the company's official website to create so.

Since Microsoft added native fingerprint reader back upwardly amongst Windows 10 operating system, therefore eliminating the necessitate for the Fingerprint Manager Pro software, Lenovo laptops running Windows 10 are non impacted yesteryear the vulnerability.
Blogger
Disqus
Pilih Sistem Komentar

No comments

Advertiser