Hackers could bypass Lenovo’s fingerprint scanner using a hardcoded password – Are you affected?

The company detailed the security flaw discovered in its Fingerprint Manager Pro software in a security advisory last week.

By Hyacinth Mascarenhas

Lenovo has disclosed a security vulnerability in some of its devices that could allow a malicious actor to bypass the fingerprint scanner.

The security flaw was discovered in its Fingerprint Manager Pro software — an application embedded in certain Lenovo products that allows users to easily log into their PC and authenticate configured websites using fingerprint recognition.

In a security advisory issued last week, the company warned that sensitive data stored by the software, including users’ Windows login credentials and fingerprint data, is encrypted using a weak algorithm. The fingerprint scanner also features a hard-coded password that is “accessible to all users with local non-administrative access to the system it is installed in”.

Read the rest on International Business Times here: https://www.ibtimes.co.uk/hackers-could-bypass-lenovos-fingerprint-scanner-using-hardcoded-password-are-you-affected-1657199

About Security Compass
Security Compass, a leading provider of cybersecurity solutions, enables organizations to shift left and build secure applications by design, integrated directly with existing DevSecOps tools and workflows. Its flagship product, SD Elements, allows organizations to balance the need to accelerate software time-to-market while managing risk by automating significant portions of proactive manual processes for security and compliance. SD Elements is the world’s first Balanced Development Automation platform. Security Compass is the trusted solution provider to leading financial and technology organizations, the U.S. Department of Defense, government agencies, and renowned global brands across multiple industries. The company is headquartered in Toronto, with offices in the U.S. and India. For more information, please visit https://www.securitycompass.com/