Lenovo’s fingerprint authentication app had bad bugs that made it easy to hack
This is pretty jarring. Lenovo has confirmed that its in-house authentication software Fingerprint Manager Pro (version 8.01.86), which lets users unlock their devices using fingerprint recognition, was affected by a severe vulnerability that attackers could exploit to gain access to any system equipped with the app.
As per Lenovo’s disclosure, Fingerprint Manager contained a hard-coded password that made it accessible to all users with local non-administrative access. In addition, it stored sensitive information like Windows logon credentials and fingerprint data, which were “encrypted using a weak algorithm.”
“Sensitive data stored by Lenovo Fingerprint Manager Pro, including users’ Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system it is installed in,” the report read.
The flaw was discovered by researcher Jackson Thuraisamy from Security Compass.