Technology News

Lenovo Fingerprint Manager Software on Older Windows Machines Is Vulnerable to Hacks

By Jagmeet Singh | Updated: 30 January 2018 11:42 IST
Lenovo Fingerprint Manager Software on Older Windows Machines Is Vulnerable to Hacks
Highlights
  • Lenovo acknowledges the existence of the vulnerability
  • The vulnerability exists in the company's Fingerprint Manager Pro
  • Windows 10 devices remain unaffected
Advertisement

A critical vulnerability has emerged on over three dozen Lenovo systems that could let hackers bypass fingerprint scanner and gain access to existing Windows credentials. Machines that are affected by the security loophole includes several ThinkPad, ThinkStation, and ThinkCentre systems. Lenovo has acknowledged the flaw and released an update to its Fingerprint Manager Pro as a part of its mitigation strategy.

The latest vulnerability, which the company marked with high severity, exists in the Lenovo Fingerprint Pro utility that is specifically designed for Lenovo ThinkPad, ThinkStation, and ThinkCentre running Windows 7, Windows 8, and Windows 8.1. The scope of the vulnerability is quite wide as hackers could achieve access to Windows login credentials and fingerprint data. Nevertheless, it remains unaffected on systems with Windows 10 as the new operating system uses Microsoft's built-in fingerprint reader support through Windows Hello.

"Sensitive data stored by Lenovo Fingerprint Manager Pro, including users' Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system it is installed in," Lenovo said in a security advisory.

The list of models that are affected with the flaw includes the Lenovo ThinkPad L560, ThinkPad P40 Yoga, ThinkPad P50s Yoga, ThinkPad T440, ThinkPad T440p, ThinkPad T440s, ThinkPad T450, ThinkPad T450s, ThinkPad T460, ThinkPad T540p, ThinkPad T550, ThinkPad T560, ThinkPad W540, ThinkPad W541, ThinkPad W550s, ThinkPad X1 Carbon (Type 20A7, 20A8), ThinkPad X1 Carbon (Type 20BS, 20BT), ThinkPad X240, ThinkPad X240s, ThinkPad X250, ThinkPad X260, ThinkPad Yoga 14 (20FY), ThinkPad Yoga 460, ThinkCentre M73, ThinkCentreM73z, ThinkCentre M78, ThinkCentre M79, ThinkCentre M83, ThinkCentre M93p, ThinkCentre M93z, ThinkStation E32, ThinkStation P300, ThinkStation P500, ThinkCentre P700, and ThinkCentre P900.

Importantly, the vulnerability can only be exploited with local access. This means that the hacker needs to bypass the weak security layer in person, instead of using any remote access channel.

As of January 25, Lenovo has released Fingerprint Manager Pro version 8.01.87 to mitigate the vulnerability.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Lenovo Fingerprint Manager Pro, Fingerprint Manager, Lenovo, Windows, PCs, Microsoft
A Man Accused of Cheating at Video Games May Lose His Decades-Old Guinness World Record
Facebook Details Its Privacy Principles as It Braces for New EU Law
Lenovo Fingerprint Manager Software on Older Windows Machines Is Vulnerable to Hacks
Comment
Share on Facebook Gadgets360 Twitter Share Tweet Snapchat Share Reddit Comment google-newsGoogle News
 
 

Advertisement

Featured
Follow Us
Latest Videos
More Videos
Tech News in Hindi
More Technology News in Hindi

Advertisement

Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. Amazon Great Summer Sale Begins: Best Offers Today
  2. Samsung Could Soon Introduce 'New Premium Models' of Galaxy Watch
  3. Nokia 215 4G, Nokia 225 4G and Nokia 235 4G Feature Phones Debut: Details
  4. Vivo V30e With 50-Megapixel Front Camera, Aura Light Debuts in India
  5. Flipkart Big Saving Days: Best Mobile Deals on Samsung, Apple & More
  6. Best Smartwatches Under Rs. 5,000 During Amazon Great Summer Sale 2024
  7. OnePlus Watch 2 Review
  8. Amazon Great Summer Sale 2024: Best Laptops Deals on Apple, Asus, & More
  9. Infinix GT 20 Pro India Launch Confirmed; GT Book Laptop, More in Pipeline
#Latest Stories
  1. Enforcement Directorate Seizes Rs. 90 Crore Funds Kept in Binance, ZebPay, WazirX Wallets
  2. Jack Dorsey’s Block Reportedly Under Investigation in the US
  3. Samsung Hints at Introducing ‘New Premium Models’ of Galaxy Watch, Galaxy Ring Launch Tipped Too
  4. Vivo V30e With 5,500mAh Battery, 50-Megapixel Selfie Camera Launched in India: Price, Specifications
  5. Japanese Watch Giant Casio Forays into NFT Space: Details
  6. Noise Pop Buds With Up to 50 Hours Total Battery Life, ENC Support Launched in India: Price, Specifications
  7. WhatsApp Communities to Get New Events Feature, Replies to Announcement Groups
  8. Anthropic Launches Claude iOS App to Bring the AI Assistant to the iPhone
  9. Infinix GT 20 Pro Teased to Launch Soon in India; GT Verse to Feature GT Book Laptop, Earbuds, More
  10. PS Plus Monthly Free Games for May Include EA Sports FC 24, Ghostrunner 2, Tunic and Destiny 2: Lightfall
Gadgets 360 is available in
Follow Us
Download Our Apps
App Store App Store
Available in Hindi
App Store
© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
Trending Products »
Latest Tech News »