Fingerprint Manager Pro is a utility for Microsoft Windows 7, 8 as well as 8.1 operating systems that allows users to log into their fingerprint-enabled Lenovo PCs using their fingers. The software could likewise survive configured to shop website credentials as well as authenticate site via fingerprint.
In improver to fingerprint data, the software likewise stores users sensitive information similar their Windows login credentials—all of which are encrypted using a weak cryptography algorithm.
According to the company, Fingerprint Manager Pro version 8.01.86 as well as before contains a hard-coded password vulnerability, identified equally CVE-2017-3762, that made the software accessible to all users alongside local non-administrative access.
"Sensitive information stored yesteryear Lenovo Fingerprint Manager Pro, including users’ Windows logon credentials as well as fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, as well as is accessible to all users alongside local non-administrative access to the organisation it is installed in," the companionship said inward its advisory, giving brief virtually the vulnerability.
Here's the amount listing of Lenovo devices compatible alongside Fingerprint Manager Pro as well as impacted yesteryear the vulnerability:
- ThinkPad L560
- ThinkPad P40 Yoga, P50s
- ThinkPad T440, T440p, T440s, T450, T450s, T460, T540p, T550, T560
- ThinkPad W540, W541, W550s
- ThinkPad X1 Carbon (Type 20A7, 20A8), X1 Carbon (Type 20BS, 20BT)
- ThinkPad X240, X240s, X250, X260
- ThinkPad Yoga xiv (20FY), Yoga 460
- ThinkCentre M73, M73z, M78, M79, M83, M93, M93p, M93z
- ThinkStation E32, P300, P500, P700, P900
Lenovo has credited safety researcher Jackson Thuraisamy alongside Security Compass for discovering as well as responsibly reporting the vulnerability.
The pop Chinese estimator manufacturer strongly recommends its ThinkPad customers to update their devices to Fingerprint Manager Pro version 8.01.87 or after to address the issue. You tin likewise caput on to the company's official website to produce so.
Since Microsoft added native fingerprint reader back upwardly alongside Windows 10 operating system, hence eliminating the necessitate for the Fingerprint Manager Pro software, Lenovo laptops running Windows 10 are non impacted yesteryear the vulnerability.
