Lenovo discloses security vulnerability in ThinkPad fingerprint manager
Lenovo's fingerprint management software for Windows 7 and 8 has a pretty major vulnerability, but a patch is available.
If you're using an older ThinkPad with a fingerprint sensor, you'll want to update it pronto. Lenovo has disclosed a high-severity security vulnerability with its Fingerprint Manager Pro software for ThinkPad, ThinkCentre, and ThinkStation systems (via Engadget).
According to Lenovo, the software uses weak encryption and a hardcoded password, allowing for attackers to more easily gain access to a PC and view login credentials and fingerprint data. The vulnerability affects the following PCs, according to Lenovo:
- ThinkPad L560
- ThinkPad P40 Yoga, P50s
- ThinkPad T440, T440p, T440s, T450, T450s, T460, T540p, T550, T560
- ThinkPad W540, W541, W550s
- ThinkPad X1 Carbon (Type 20A7, 20A8), X1 Carbon (Type 20BS, 20BT)
- ThinkPad X240, X240s, X250, X260
- ThinkPad Yoga 14 (20FY), Yoga 460
- ThinkCentre M73, M73z, M78, M79, M83, M93, M93p, M93z
- ThinkStation E32, P300, P500, P700, P900
Lenovo Fingerprint Manager Pro was only used for Windows 7, 8, and 8.1 systems, so there's no need to worry if you're using a Windows 10 PC with Windows Hello authentication. Further, the vulnerability also required local access to the computer, Lenovo says. If you are impacted, the vulnerability has been patched in Fingerprint Manager Pro version 8.01.87, available directly from Lenovo.
Get the Windows Central Newsletter
All the latest news, reviews, and guides for Windows and Xbox diehards.
Dan Thorp-Lancaster is the former Editor-in-Chief of Windows Central. He began working with Windows Central, Android Central, and iMore as a news writer in 2014 and is obsessed with tech of all sorts. You can follow Dan on Twitter @DthorpL and Instagram @heyitsdtl.