A necessary vulnerability has emerged on over three dozen Lenovo packages that may let hackers bypass fingerprint scanner and purchase entry to present Windows credentials. Machines that are affected by the protection loophole consists of a lot of Thinkpad, ThinkStation, and ThinkCentre packages. Lenovo has acknowledged the flaw and launched an exchange to its Fingerprint Manager Pro as a part of its mitigation method.

The latest vulnerability, which the company marked with extreme severity, exists throughout the Lenovo Fingerprint Pro utility that is notably designed for Lenovo ThinkPad, ThinkStation, and ThinkCentre working Windows 7, Windows 8, and Windows 8.1. The scope of the vulnerability is form of in depth as hackers may get hold of entry to Windows login credentials and fingerprint data. Nevertheless, it stays unaffected on packages with Windows 10 because the model new working system makes use of Microsoft’s built-in fingerprint reader help by way of Windows Hello.

“Sensitive data stored by Lenovo Fingerprint Manager Pro, including users’ Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system it is installed in,” Lenovo acknowledged in a security advisory.

The guidelines of fashions that are affected with the flaw consists of the Lenovo ThinkPad L560, ThinkPad P40 Yoga, ThinkPad P50s Yoga, ThinkPad T440, ThinkPad T440p, ThinkPad T440s, ThinkPad T450, ThinkPad T450s, ThinkPad T460, ThinkPad T540p, ThinkPad T550, ThinkPad T560, ThinkPad W540, ThinkPad W541, ThinkPad W550s, ThinkPad X1 Carbon (Type 20A7, 20A8), ThinkPad X1 Carbon (Type 20BS, 20BT), ThinkPad X240, ThinkPad X240s, ThinkPad X250, ThinkPad X260, ThinkPad Yoga 14 (20FY), ThinkPad Yoga 460, ThinkCentre M73, ThinkCentreM73z, ThinkCentre M78, ThinkCentre M79, ThinkCentre M83, ThinkCentre M93p, ThinkCentre M93z, ThinkStation E32, ThinkStation P300, ThinkStation P500, ThinkCentre P700, and ThinkCentre P900.

Importantly, the vulnerability can solely be exploited with native entry. This signifies that the hacker should bypass the weak security layer in particular person, as an alternative of using any distant entry channel.

As of January 25, Lenovo has launched Fingerprint Manager Pro mannequin 8.01.87 to mitigate the vulnerability.