Lenovo's fingerprint scanner has a hardcoded password

By
Follow google news

And admin creds can be snagged.

Software shipped with Lenovo computers for biometric authentication contains a hardcoded password and allows for easy decryption of stored data, researchers have found.

Lenovo's fingerprint scanner has a hardcoded password

Security Compass researcher Jackson Thuraisamy reported to Lenovo that its Fingerprint Manager Pro utility shipped with Windows 7, 8 and 8.1 computers encrypts operating system credentials and biometrics data with a weak algorithm, making it easily crackable.

Additionally, the software contains a hardcoded password that means any users with local system access could view the stored data.

Lenovo is now advising users to upgrade to version 8.01.87 of Fingerprint Manager Pro, which is patched against the vulnerabilities.

A total of 39 models of ThinkPad laptops and ThinkCentre and ThinkStation computers shipped with Fingerprint Manager Pro included.

The PC vendor has a chequered history when it comes to security. It was fined several millions of dollars last year for shipping computers with the unsafe Superfish software.

Add iTnews as your trusted source

Add iTnews As Your Trusted Source Add iTnews As Your Trusted Source
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
biometricsfingerprintslenovosecurity

Sponsored Whitepapers

5 reasons to adopt a mobile first security strategy
5 reasons to adopt a mobile first security strategy
Uncomplicate IT Service Delivery with AI Agents
Uncomplicate IT Service Delivery with AI Agents
Getting ahead of the tech: what’s next for Australian organisations in digital transformation
Getting ahead of the tech: what’s next for Australian organisations in digital transformation
Fintech compliance made fast and secure
Fintech compliance made fast and secure
How to evaluate SIEM solutions Safeguarding your future Get a demo Download guide
How to evaluate SIEM solutions Safeguarding your future Get a demo Download guide

Events

Most Read Articles

CBA builds two AI agents to boost cyber defences

CBA builds two AI agents to boost cyber defences
CBA chief impersonated in global investment fraud on Facebook

CBA chief impersonated in global investment fraud on Facebook
US medical device maker Stryker's Microsoft environment attacked

US medical device maker Stryker's Microsoft environment attacked
Researchers uncover 'Darksword' iPhone spyware

Researchers uncover 'Darksword' iPhone spyware
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio

Log In

  |  Forgot your password?