Latest in Gear

Image credit: Bloomberg via Getty Images

Lenovo’s fingerprint manager left passwords vulnerable

A patch has already been released.
362 Shares
Share
Tweet
Share

Sponsored Links

Bloomberg via Getty Images

A slew of Lenovo devices have left users' systems vulnerable to a breach. Fingerprint Manager Pro software installed on any of some three dozen ThinkPad, ThinkCentre or ThinkStation devices apparently features weak encryption that allows someone to bypass the fingerprint scanner and take advantage of a hardcoded password in order to gain access to the system. It also exposes users' logon credentials and fingerprint data. Lenovo described the vulnerability in a security update and released a patch for the bug last week.

There is some good news. The software was only used on devices running Windows 7, 8 and 8.1. Windows 10 didn't require the software, so systems using it won't need an update. Also, the vulnerability couldn't be exploited via the internet, only with local access, which limits users' exposure quite a bit.

The patch was released on the 25th. You can get it here along with more information and a list of the affected devices.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
362 Shares
Share
Tweet
Share

Popular on Engadget

What's on TV this week: 'Knives Out' and 'Altered Carbon'

What's on TV this week: 'Knives Out' and 'Altered Carbon'

View
HTC opens pre-orders for its $899 Vive Cosmos Elite VR headset

HTC opens pre-orders for its $899 Vive Cosmos Elite VR headset

View
TurboTax maker Intuit buys Credit Karma to corner personal financial data

TurboTax maker Intuit buys Credit Karma to corner personal financial data

View
Apple dives deep into specs for the Mac Pro and Pro Display XDR

Apple dives deep into specs for the Mac Pro and Pro Display XDR

View
'Cyberpunk 2077' studio commits to a free Xbox Series X upgrade

'Cyberpunk 2077' studio commits to a free Xbox Series X upgrade

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr