Lenovo has detailed a new security vulnerability in its Fingerprint Manager Pro software that may allow hackers to bypass the fingerprint sensor on some Lenovo PCs. The severity of the vulnerability is high, and it is specific to the company’s machines. Select models from the company’s ThinkPad, ThinkStation, and ThinkCentre lines are affected, but fortunately there is no wait for a fix: Lenovo has already released one.
Lenovo said the vulnerability in Fingerprint Manager Pro put sensitive data stored by the software at risk. Lenovo Fingerprint Manager Pro is a utility for Windows 7, Windows 8, and Windows 8.1 that enables users to log into their PCs and authenticate to configured websites with fingerprint recognition.
The data the software stores includes Windows logon credentials and fingerprint data. This data was encrypted using a weak algorithm and contained a hard-coded password that was accessible to all users with local non-administrative access to the system on which the software is installed.
Since exploiting the vulnerability required local access, nobody could exploit it remotely over the internet. The attacker had to bypass the fingerprint security in person, and that meant having physical access to the machine.