Lenovo Fingerprint Manager Pro is full of fail
Lenovo Fingerprint Manager Pro, a piece of software that allows users to log into their PCs or authenticate to configured websites using fingerprint recognition, has been found seriously wanting in the security department.
The problems are several: the software contains a hard-coded password, and is accessible to all users with local non-administrative access to the system it is installed in.
Also, the data it stores – users’ Windows logon credentials and fingerprint data, among other things – is encrypted using a weak algorithm.
These security issues were unearthed by Jackson Thuraisamy of Canadian software security company Security Compass, and have been fixed in version 8.01.87 of the software.
Lenovo advises users of a variety of ThinkPads, ThinkCentres and ThinkStations running Windows 7, Windows 8, and Windows 8.1 to check whether they have a vulnerable version of the software installed, and to update it.
Windows 10 users can uninstall the software altogether, though, as Microsoft has added full support for fingerprint readers into that version of the OS.