Home / TECHNOLOGY / High-severity disadvantage in Lenovo laptops let hackers entrance passwords

High-severity disadvantage in Lenovo laptops let hackers entrance passwords

Lenovo has bound a high-severity disadvantage in a far-reaching operation of laptop models that allowed hackers with earthy entrance to record in and then obtain users’ Windows login certification and other supportive data.

The disadvantage resides in the Lenovo Fingerprint Manager Pro, which is typically commissioned on ThinkPad, ThinkCentre, and ThinkStation models. A diseased encryption algorithm creates it probable for someone with internal non-administrative entrance to review Windows logon certification and fingerprint data. From there, the person can record into the mechanism or use the extracted certification for other purposes. The disadvantage affects only Fingerprint Manager Pro for Windows 7, Windows 8, or Windows 8.1. Fingerprint-enabled Laptops using Windows 10 aren’t influenced since they use Microsoft’s internal support.

“A disadvantage has been identified in Lenovo Fingerprint Manager Pro,” Lenovo officials wrote in an advisory published late last week. “Sensitive information stored by Lenovo Fingerprint Manager Pro, including users’ Windows logon certification and fingerprint data, is encrypted using a diseased algorithm, contains a hard-coded password, and is permitted to all users with internal non-administrative entrance to the complement it is commissioned in.”

The company is propelling people to upgrade to chronicle 8.01.87.


Affected laptops include:

  • ThinkPad L560
  • ThinkPad P40 Yoga, P50s
  • ThinkPad T440, T440p, T440s, T450, T450s, T460, T540p, T550, T560
  • ThinkPad W540, W541, W550s
  • ThinkPad X1 Carbon (Type 20A7, 20A8), X1 Carbon (Type 20BS, 20BT)
  • ThinkPad X240, X240s, X250, X260
  • ThinkPad Yoga 14 (20FY), Yoga 460
  • ThinkCentre M73, M73z, M78, M79, M83, M93, M93p, M93z
  • ThinkStation E32, P300, P500, P700, P900

The Fingerprint reader allows users to record in to several services using a fingerprint instead of a password. The vulnerability, which is indexed as CVE-2017-3762 comes almost 3 years after Lenovo bound a apart disadvantage in an progressing fingerprint manager. While earthy entrance is compulsory to feat the vulnerability, Windows login certification are designed privately to guarantee against scenarios where a user loses control of their hardware.

auto magazine

Check Also

Federal Ruling Could Set Dangerous Precedent Allowing Law Enforcement Access to WhatsApp

By Derrick Broze A recently unblocked statute shows a sovereign judge postulated the U.S. supervision …

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>