Welcome to DU!
The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards.
Join the community:
Create a free account
Support DU (and get rid of ads!):
Become a Star Member
Latest Breaking News
General Discussion
The DU Lounge
All Forums
Issue Forums
Culture Forums
Alliance Forums
Region Forums
Support Forums
Help & Search
Lenovo's craptastic fingerprint scanner has a hardcoded password
.
Come on IT people, you're just noy trying hard enough! Windows 10 centralized this function (probably for data mining).
Lenovo wants ThinkPad owners to update their machines after its Fingerprint Manager Pro software was found to contain serious security vulnerabilities.
Among the glaring flaws cited: a hardcoded password. In the fingerprint scanner. To log into the computer.
"Sensitive data stored by Lenovo Fingerprint Manager Pro, including users’ Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system it is installed in," Lenovo said in fessing up on Thursday.
.
.
Lenovo says Fingerprint Manager Pro was used with the Thinkpad, ThinkCentre, and ThinkStation machines running Windows 7, Windows 8, and Windows 8.1. The tool could be configured to store and authenticate website credentials via fingerprint.
Among the glaring flaws cited: a hardcoded password. In the fingerprint scanner. To log into the computer.
"Sensitive data stored by Lenovo Fingerprint Manager Pro, including users’ Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system it is installed in," Lenovo said in fessing up on Thursday.
.
.
Lenovo says Fingerprint Manager Pro was used with the Thinkpad, ThinkCentre, and ThinkStation machines running Windows 7, Windows 8, and Windows 8.1. The tool could be configured to store and authenticate website credentials via fingerprint.
https://www.theregister.co.uk/2018/01/26/lenovo_thinkpad_fingerprint_manager_vulnerability/
.