The company detailed the security flaw discovered in its Fingerprint Manager Pro software in a security advisory last week.
By Hyacinth Mascarenhas
Lenovo has disclosed a security vulnerability in some of its devices that could allow a malicious actor to bypass the fingerprint scanner.
The security flaw was discovered in its Fingerprint Manager Pro software — an application embedded in certain Lenovo products that allows users to easily log into their PC and authenticate configured websites using fingerprint recognition.
In a security advisory issued last week, the company warned that sensitive data stored by the software, including users’ Windows login credentials and fingerprint data, is encrypted using a weak algorithm. The fingerprint scanner also features a hard-coded password that is “accessible to all users with local non-administrative access to the system it is installed in”.
Read the rest on International Business Times here: https://www.ibtimes.co.uk/hackers-could-bypass-lenovos-fingerprint-scanner-using-hardcoded-password-are-you-affected-1657199
Read additional coverage here:
- https://threatpost.com/lenovo-fixes-hardcoded-password-flaw-impacting-thinkpad-fingerprint-scanners/129680/
- https://www.theregister.co.uk/2018/01/26/the_latest_killerapp_for_windows_10_lenovos_bugridden_fingerprint_software/
- https://www.helpnetsecurity.com/2018/01/29/lenovo-fingerprint-manager-pro-vulnerability/
- https://thenextweb.com/security/2018/01/26/lenovo-fingerprint-manager-flaw-windows/