-->
Hard-Coded Password Lets Attackers Bypass Lenovo's Fingerprint Scanner

Hard-Coded Password Lets Attackers Bypass Lenovo's Fingerprint Scanner

Hard-Coded Password Lets Attackers Bypass Lenovo's Fingerprint Scanner

 Lenovo has lately rolled out safety patches for a severe vulnerability inward its Fingerp Hard-coded Password Lets Attackers Bypass Lenovo's Fingerprint Scanner
Lenovo has lately rolled out safety patches for a severe vulnerability inward its Fingerprint Manager Pro software that could permit leak sensitive information stored yesteryear the users.

Fingerprint Manager Pro is a utility for Microsoft Windows 7, 8 as well as 8.1 operating systems that allows users to log into their fingerprint-enabled Lenovo PCs using their fingers. The software could likewise survive configured to shop website credentials as well as authenticate site via fingerprint.

In improver to fingerprint data, the software likewise stores users sensitive information similar their Windows login credentials—all of which are encrypted using a weak cryptography algorithm.

According to the company, Fingerprint Manager Pro version 8.01.86 as well as before contains a hard-coded password vulnerability, identified equally CVE-2017-3762, that made the software accessible to all users alongside local non-administrative access.

"Sensitive information stored yesteryear Lenovo Fingerprint Manager Pro, including users’ Windows logon credentials as well as fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, as well as is accessible to all users alongside local non-administrative access to the organisation it is installed in," the companionship said inward its advisory, giving brief virtually the vulnerability.
The vulnerability impacts Lenovo ThinkPad, ThinkCentre as well as ThinkStation laptops, as well as affects to a greater extent than than 2 dozen Lenovo ThinkPad models, 5 ThinkStation Models as well as 8 ThinkCentre models that run Windows 7, 8 as well as the 8.1 operating systems.

Here's the amount listing of Lenovo devices compatible alongside Fingerprint Manager Pro as well as impacted yesteryear the vulnerability:

  • ThinkPad L560
  • ThinkPad P40 Yoga, P50s
  • ThinkPad T440, T440p, T440s, T450, T450s, T460, T540p, T550, T560
  • ThinkPad W540, W541, W550s
  • ThinkPad X1 Carbon (Type 20A7, 20A8), X1 Carbon (Type 20BS, 20BT)
  • ThinkPad X240, X240s, X250, X260
  • ThinkPad Yoga xiv (20FY), Yoga 460
  • ThinkCentre M73, M73z, M78, M79, M83, M93, M93p, M93z
  • ThinkStation E32, P300, P500, P700, P900

Lenovo has credited safety researcher Jackson Thuraisamy alongside Security Compass for discovering as well as responsibly reporting the vulnerability.

The pop Chinese estimator manufacturer strongly recommends its ThinkPad customers to update their devices to Fingerprint Manager Pro version 8.01.87 or after to address the issue. You tin likewise caput on to the company's official website to produce so.

Since Microsoft added native fingerprint reader back upwardly alongside Windows 10 operating system, hence eliminating the necessitate for the Fingerprint Manager Pro software, Lenovo laptops running Windows 10 are non impacted yesteryear the vulnerability.
Blogger
Disqus
Pilih Sistem Komentar

No comments

Advertiser