×

Registration

Profile Informations

Login Details

or login

First name is required!
Last name is required!
First name is not valid!
Last name is not valid!
This is not an email address!
Email address is required!
This email is already registered!
Password is required!
Enter a valid password!
Please enter 6 or more characters!
Please enter 16 or less characters!
Passwords are not same!
Terms and Conditions are required!
Email or Password is wrong!

Lenovo Issues Software Update For Serious ThinkPad Fingerprint Reader Security Exploit

If you have an older ThinkPad, ThinkCentre or ThinkStation PC with an integrated fingerprint reader, you might want to download Lenovo's latest software update. The company has acknowledged that a flaw in its Fingerprint Management Pro software could allow a malicious actor with physical access to your device login with a hard-coded password, bypassing the fingerprint reader.

Lenovo says that the flaw affects Lenovo machines running Windows 7, Windows 8 and Windows 8.1. "Sensitive data stored by Lenovo Fingerprint Manager Pro, including users’ Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system it is installed in," Lenovo writes in a new support document.

lenovo t440s

It should be noted that Lenovo PCs running Windows 10 are not affected by this exploit, as they rely on that operating system's own built-in fingerprint authentication system. The following Lenovo systems are affected by the Fingerprint Manager Pro security exploit:

  • ThinkPad L560
  • ThinkPad P40 Yoga, P50s
  • ThinkPad T440, T440p, T440s, T450, T450s, T460, T540p, T550, T560
  • ThinkPad W540, W541, W550s
  • ThinkPad X1 Carbon (Type 20A7, 20A8), X1 Carbon (Type 20BS, 20BT)
  • ThinkPad X240, X240s, X250, X260
  • ThinkPad Yoga 14 (20FY), Yoga 460
  • ThinkCentre M73, M73z, M78, M79, M83, M93, M93p, M93z
  • ThinkStation E32, P300, P500, P700, P900

Users of these devices are encouraged to download Fingerprint Manager Pro version 8.01.87 immediately.

Go to Source