When Microsoft launched Windows 10 in July 2015, it introduced Windows Hello, an integrated biometric authentication feature that supports facial recognition and fingerprint scanning. But that doesn't mean that there were no PCs with fingerprint sensors before that though. OEMs had to build in third-party utilities, like Lenovo's Fingerprint Manager Pro that can be found on ThinkPads of the Windows 7 and 8.1 eras.
Lenovo announced a security vulnerability in the utility today, saying that Windows login credentials are encrypted "using a weak algorithm", and it contains a hard-coded password. To make matters worse, it's accessible to all users, even those with non-administrative access on the PC.
The following systems are affected:
ThinkPad L560
ThinkPad P40 Yoga, P50s
ThinkPad T440, T440p, T440s, T450, T450s, T460, T540p, T550, T560
ThinkPad W540, W541, W550s
ThinkPad X1 Carbon (Type 20A7, 20A8), X1 Carbon (Type 20BS, 20BT)
ThinkPad X240, X240s, X250, X260
ThinkPad Yoga 14 (20FY), Yoga 460
ThinkCentre M73, M73z, M78, M79, M83, M93, M93p, M93z
ThinkStation E32, P300, P500, P700, P900
The good news is that the issue has been fixed, and you'll want to make sure that you're running Fingerprint Manager Pro version 8.01.87 or higher. You can download it here. Again, this only affects Windows 7 and 8.1 PCs, as Lenovo's fingerprint sensors on Windows 10 devices are handled by the OS.
13 Comments - Add comment