Lenovo's ThinkPad Fingerprint Manager software has a major vulnerability

When Microsoft launched Windows 10 in July 2015, it introduced Windows Hello, an integrated biometric authentication feature that supports facial recognition and fingerprint scanning. But that doesn't mean that there were no PCs with fingerprint sensors before that though. OEMs had to build in third-party utilities, like Lenovo's Fingerprint Manager Pro that can be found on ThinkPads of the Windows 7 and 8.1 eras.

Lenovo announced a security vulnerability in the utility today, saying that Windows login credentials are encrypted "using a weak algorithm", and it contains a hard-coded password. To make matters worse, it's accessible to all users, even those with non-administrative access on the PC.

The following systems are affected:

  • ThinkPad L560

  • ThinkPad P40 Yoga, P50s

  • ThinkPad T440, T440p, T440s, T450, T450s, T460, T540p, T550, T560

  • ThinkPad W540, W541, W550s

  • ThinkPad X1 Carbon (Type 20A7, 20A8), X1 Carbon (Type 20BS, 20BT)

  • ThinkPad X240, X240s, X250, X260

  • ThinkPad Yoga 14 (20FY), Yoga 460

  • ThinkCentre M73, M73z, M78, M79, M83, M93, M93p, M93z

  • ThinkStation E32, P300, P500, P700, P900

The good news is that the issue has been fixed, and you'll want to make sure that you're running Fingerprint Manager Pro version 8.01.87 or higher. You can download it here. Again, this only affects Windows 7 and 8.1 PCs, as Lenovo's fingerprint sensors on Windows 10 devices are handled by the OS.

Report a problem with article
1517258677_spa251-ring-hero
Next Article

An Xbox fan can get a Super Bowl ring (of sorts) for playing Madden 18

1508873559_windowsdevcenter
Previous Article

Microsoft updates the Windows Dev Center to support ARM packages for desktop

13 Comments - Add comment

Advertisement