Latest in Gear

Image credit: Bloomberg via Getty Images

Lenovo’s fingerprint manager left passwords vulnerable

A patch has already been released.
358 Shares
Share
Tweet
Share
Save
Bloomberg via Getty Images

A slew of Lenovo devices have left users' systems vulnerable to a breach. Fingerprint Manager Pro software installed on any of some three dozen ThinkPad, ThinkCentre or ThinkStation devices apparently features weak encryption that allows someone to bypass the fingerprint scanner and take advantage of a hardcoded password in order to gain access to the system. It also exposes users' logon credentials and fingerprint data. Lenovo described the vulnerability in a security update and released a patch for the bug last week.

There is some good news. The software was only used on devices running Windows 7, 8 and 8.1. Windows 10 didn't require the software, so systems using it won't need an update. Also, the vulnerability couldn't be exploited via the internet, only with local access, which limits users' exposure quite a bit.

The patch was released on the 25th. You can get it here along with more information and a list of the affected devices.

From around the web

ear iconeye icontext filevr