The popular Chinese PC manufacturer Lenovo recently rolled out security patches for a severe vulnerability in its Fingerprint Manager Pro software that could allow attackers to more easily gain access to sensitive data stored by the users. It issued a fix for a hardcoded password flaw impacting ThinkPad, ThinkCentre, and ThinkStation laptops.
Lenovo Fingerprint Manager Pro is a utility that allows users to log in to their PCs or authenticate to configured websites using fingerprint recognition.
In a security advisory briefly describing the vulnerability, Lenovo warns:
“A vulnerability has been identified in Lenovo Fingerprint Manager Pro. Sensitive data stored by Lenovo Fingerprint Manager Pro, including users’ Windows credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system it is installed in.”
The flaw affects nearly a dozen Lenovo laptop models that run versions of Microsoft Windows 7, 8 and the 8.1 operating system. Here’s the full list of them:
- ThinkPad L560
- ThinkPad P40 Yoga, P50s
- ThinkPad T440, T440p, T440s, T450, T450s, T460, T540p, T550, T560
- ThinkPad W540, W541, W550s
- ThinkPad X1 Carbon (Type 20A7, 20A8), X1 Carbon (Type 20BS, 20BT)
- ThinkPad X240, X240s, X250, X260
- ThinkPad Yoga 14 (20FY), Yoga 460
- ThinkCentre M73, M73z, M78, M79, M83, M93, M93p, M93z
- ThinkStation E32, P300, P500, P700, P900
According to Lenovo, Fingerprint Manager Pro version 8.01.86 and earlier contains a hard-coded password vulnerability that made the software accessible to all users with local non-administrative access. To address the issue, the company is urging users of the above-mentioned laptops to update their Lenovo Fingerprint Manager Pro version to 8.01.87 or higher.
However, Lenovo users with Windows 10 need not worry, as they are not impacted by the vulnerability because that version of Microsoft’s operating system supports native fingerprint reader technology.
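For administrators triaging a fleet against the version and operating-system criteria above, the following is an added example (not Lenovo's code or tooling). The CSV layout, host names and the `triage` helper are assumptions made for illustration, and the sample inventory is constructed.

```python
import csv
import io

FIXED = (8, 1, 87)  # first fixed release named in the article: 8.01.87
AFFECTED_OS = ("windows 7", "windows 8", "windows 8.1")  # per the article

def parse_version(text):
    """'8.01.86' -> (8, 1, 86). Compare numerically: as plain strings,
    '8.01.100' would wrongly sort below '8.01.87'."""
    return tuple(int(part) for part in text.strip().split("."))

def is_affected_os(os_name):
    """True for Windows 7, 8 and 8.1 (any edition suffix), False otherwise."""
    name = os_name.strip().lower()
    return any(name == a or name.startswith(a + " ") for a in AFFECTED_OS)

def triage(inventory_csv):
    """Map each host to a status from rows of host,os,fmp_version."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        version = row["fmp_version"].strip()
        if not version:
            status = "not installed"
        elif not is_affected_os(row["os"]):
            status = "os not affected"
        else:
            try:
                older = parse_version(version) < FIXED
                status = "UPDATE" if older else "patched"
            except ValueError:
                status = "check manually"
        results[row["host"]] = status
    return results

# Constructed sample inventory (hypothetical hosts and export format).
SAMPLE = """\
host,os,fmp_version
t450-01,Windows 7 Professional,8.01.86
x260-02,Windows 8.1 Pro,8.01.87
m93p-03,Windows 8,8.1.42
p500-04,Windows 7 Enterprise,8.01.100
t460-05,Windows 10 Pro,8.01.86
l560-06,Windows 7 Professional,
w541-07,Windows 8.1,unknown
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:10} {status}")
```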