Fingerprint Manager Pro is a Windows 7, 8, and 8.1 utility that enables the fingerprint scanner on certain Lenovo systems to match a user’s fingerprint and use it to log into the machine as well as to authenticate to websites without needing to type in a password. As Lenovo indicates in a recent support bulletin, versions of the utility older than 8.01.87 are vulnerable to attack thanks to a weak algorithm and a hard-coded password — leaving sensitive data accessible to any user with local non-administrative access to a machine.
It is important to note that Windows 10 machines are unaffected, thanks to Microsoft’s built-in fingerprint reader support. If you’re using Windows 10 Hello on a Lenovo system, therefore, you have nothing to worry about.
This isn’t the first time that Lenovo’s fingerprint software has suffered from a lapse in security. In early 2016, the Lenovo Fingerprint Manager and Touch Fingerprint Software utilities were vulnerable to a local privilege escalation that allows users to gain administrator rights when running applications.
Here is a list of the affected systems:
- ThinkPad L560
- ThinkPad P40 Yoga, P50s
- ThinkPad T440, T440p, T440s, T450, T450s, T460, T540p, T550, T560
- ThinkPad W540, W541, W550s
- ThinkPad X1 Carbon (Type 20A7, 20A8), X1 Carbon (Type 20BS, 20BT)
- ThinkPad X240, X240s, X250, X260
- ThinkPad Yoga 14 (20FY), Yoga 460
- ThinkCentre M73, M73z, M78, M79, M83, M93, M93p, M93z
- ThinkStation E32, P300, P500, P700, P900
Go update the Lenovo Fingerprint Manager Pro utility today. You can download it here, and then install it as soon as you can to make sure your sensitive data remains protected. While you’re at it, you can check out all of Lenovo’s security advisories here to make sure you’re not exposed.
