Home > News content

Lenovo Admits Fingerprint Manager Vulnerability Recommended Upgrade ASAP (Video)

via:cnBeta.COM     time:2018/1/27 11:31:33     readed:896


According to Lenovo's disclosure details, Fingerprint Manager includes a hard-coded password that is used to access local non-administrator users. In addition, the app stores fingerprints such as Windows credentials and fingerprinting using "bad algorithm".

Wrote: "Sensitive data stored by Lenovo Fingerprint Manager Pro, including user's Windows credentials and fingerprinted data encrypted using a poorly fragile algorithm, contains a hardcoded password that gives access to all local non-administrative Account. "

The vulnerability was discovered by Jackson Thuraisamy from Security Compass. According to information posted on the Lenovo website, a complete list of devices equipped with Fingerprint Manager is included

ThinkPad L560

ThinkPad P40 Yoga, P50s

ThinkPad T440, T440p, T440s, T450, T450s, T460, T540p, T550, T560

ThinkPad W540, W541, W550s

ThinkPad X1 Carbon (Type 20A7, 20A8), X1 Carbon (Type 20BS, 20BT)

ThinkPad X240, X240s, X250, X260

ThinkPad Yoga 14 (20FY), Yoga 460

ThinkCentre M73, M73z, M78, M79, M83, M93, M93p, M93z

ThinkStation E32, P300, P500, P700, P900

Affected device users recommended as soon as possibleAfter installing 8.01.87 version.

China IT News APP

Download China IT News APP

Please rate this news

The average score will be displayed after you score.

Post comment

Do not see clearly? Click for a new code.

User comments