Lenovo’s fingerprint manager left passwords vulnerable

A patch has already been released.

Sponsored Links

Bloomberg via Getty Images
Bloomberg via Getty Images

A slew of Lenovo devices have left users' systems vulnerable to a breach. Fingerprint Manager Pro software installed on any of some three dozen ThinkPad, ThinkCentre or ThinkStation devices apparently features weak encryption that allows someone to bypass the fingerprint scanner and take advantage of a hardcoded password in order to gain access to the system. It also exposes users' logon credentials and fingerprint data. Lenovo described the vulnerability in a security update and released a patch for the bug last week.

There is some good news. The software was only used on devices running Windows 7, 8 and 8.1. Windows 10 didn't require the software, so systems using it won't need an update. Also, the vulnerability couldn't be exploited via the internet, only with local access, which limits users' exposure quite a bit.

The patch was released on the 25th. You can get it here along with more information and a list of the affected devices.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Popular on Engadget