Lenovo's fingerprint scanner has a hardcoded password

And admin creds can be snagged.

Software shipped with Lenovo computers for biometric authentication contains a hardcoded password and allows for easy decryption of stored data, researchers have found.

Security Compass researcher Jackson Thuraisamy reported to Lenovo that its Fingerprint Manager Pro utility, shipped with Windows 7, 8 and 8.1 computers, encrypts operating system credentials and biometric data with a weak algorithm, making the data easily crackable.

Additionally, the software contains a hardcoded password, which means any user with local system access could view the stored data.

Lenovo is now advising users to upgrade to version 8.01.87 of Fingerprint Manager Pro, which is patched against the vulnerabilities.

A total of 39 models of ThinkPad laptops and ThinkCentre and ThinkStation computers shipped with Fingerprint Manager Pro included.

The PC vendor has a chequered history when it comes to security. It was fined several million dollars last year for shipping computers with the unsafe Superfish software.

Copyright © iTnews.com.au . All rights reserved.