Lenovo's fingerprint scanner has a hardcoded password

By

And admin creds can be snagged.

Software shipped with Lenovo computers for biometric authentication contains a hardcoded password and allows for easy decryption of stored data, researchers have found.

Lenovo's fingerprint scanner has a hardcoded password

Security Compass researcher Jackson Thuraisamy reported to Lenovo that its Fingerprint Manager Pro utility shipped with Windows 7, 8 and 8.1 computers encrypts operating system credentials and biometrics data with a weak algorithm, making it easily crackable.

Additionally, the software contains a hardcoded password that means any users with local system access could view the stored data.

Lenovo is now advising users to upgrade to version 8.01.87 of Fingerprint Manager Pro, which is patched against the vulnerabilities.

A total of 39 models of ThinkPad laptops and ThinkCentre and ThinkStation computers shipped with Fingerprint Manager Pro included.

The PC vendor has a chequered history when it comes to security. It was fined several millions of dollars last year for shipping computers with the unsafe Superfish software.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

CBA using facial recognition logins to verify disputed payments

CBA using facial recognition logins to verify disputed payments

Qantas contacted by "potential cyber criminal"

Qantas contacted by "potential cyber criminal"

SA Power Networks tackles IAM, cloud security under five-year strategy

SA Power Networks tackles IAM, cloud security under five-year strategy

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack

Log In

  |  Forgot your password?