Lenovo explained in the announcement that Fingerprint Manager Pro, Fingerprint Scan Manager, stores sensitive data, including Windows login credentials and fingerprinting data, but uses weak algorithm encryption, which includes a hardcoded password as long as the fingerprint scanner is installed Software that lets anyone log in to the system, even without administrator access.
The vulnerability affects ThinkPad, ThinkCentre, ThinkStation three series of nearly 40 different models of products, as follows:
ThinkPad L560
- ThinkPad P40 Yoga, P50s
- ThinkPad T440, T440p, T440s, T450, T450s, T460, T540p, T550, T560
- ThinkPad W540, W541, W550s
- ThinkPad X1 Carbon (20A7 / 20A8), X1 Carbon (20BS / 20BT)
- ThinkPad X240, X240s, X250, X260
- ThinkPad Yoga 14 (20FY), Yoga 460
- ThinkCentre M73, M73z, M78, M79, M83, M93, M93p, M93z
- ThinkStation E32, P300, P500, P700, P900
Operating system spread to Windows 7, Windows 8, Windows 8.1 32/64-bit version, Windows 10 because it has native support for fingerprint reading, no longer need to support software, so will not be affected.
The latest Fingerprint Manager Pro 8.01.87 version of the software has been fixed this vulnerability, Lenovo users are advised to quickly download the upgrade.