Lenovo's fingerprint scanner has a hardcoded password

By

And admin creds can be snagged.

Software shipped with Lenovo computers for biometric authentication contains a hardcoded password and allows for easy decryption of stored data, researchers have found.

Lenovo's fingerprint scanner has a hardcoded password

Security Compass researcher Jackson Thuraisamy reported to Lenovo that its Fingerprint Manager Pro utility shipped with Windows 7, 8 and 8.1 computers encrypts operating system credentials and biometrics data with a weak algorithm, making it easily crackable.

Additionally, the software contains a hardcoded password that means any users with local system access could view the stored data.

Lenovo is now advising users to upgrade to version 8.01.87 of Fingerprint Manager Pro, which is patched against the vulnerabilities.

A total of 39 models of ThinkPad laptops and ThinkCentre and ThinkStation computers shipped with Fingerprint Manager Pro included.

The PC vendor has a chequered history when it comes to security. It was fined several millions of dollars last year for shipping computers with the unsafe Superfish software.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Travel eSIMs secretly route traffic over Chinese and undisclosed networks: study

Travel eSIMs secretly route traffic over Chinese and undisclosed networks: study

"Widespread data theft" hits Salesforce customers via third party

"Widespread data theft" hits Salesforce customers via third party

Attackers weaponise Linux file names as malware vectors

Attackers weaponise Linux file names as malware vectors

Home Affairs adds SecOps to new cyber risk overhaul

Home Affairs adds SecOps to new cyber risk overhaul

Log In

  |  Forgot your password?