Hackers could bypass Lenovo’s fingerprint scanner using a hardcoded password – Are you affected?

The company detailed the security flaw discovered in its Fingerprint Manager Pro software in a security advisory last week.

By Hyacinth Mascarenhas


Lenovo has disclosed a security vulnerability in some of its devices that could allow a malicious actor to bypass the fingerprint scanner.

The security flaw was discovered in its Fingerprint Manager Pro software — an application embedded in certain Lenovo products that allows users to easily log into their PC and authenticate configured websites using fingerprint recognition.

In a security advisory issued last week, the company warned that sensitive data stored by the software, including users’ Windows login credentials and fingerprint data, is encrypted using a weak algorithm. The fingerprint scanner also features a hard-coded password that is “accessible to all users with local non-administrative access to the system it is installed in”.

Read the rest on International Business Times here: https://www.ibtimes.co.uk/hackers-could-bypass-lenovos-fingerprint-scanner-using-hardcoded-password-are-you-affected-1657199

Read additional coverage here: