Lenovo has issued a security update informing users that they may have a serious vulnerability. It was given a severity level of "high". The issue is specific to Lenovo and can affect Thinkpad, ThinkStation, and ThinkCentre products. Lenovo has updated the initial security statement by clarifying that this does not affect Windows 10 devices. This is because Windows 10 devices use Microsofts official built-in fingerprint scanner support. The issue impacts Windows 7, 8, and 8.1 machines that utilize the Lenovo Fingerprint Manager.

Lenovo describes the vulnerability in a detailed summary:

A vulnerability has been identified in Lenovo Fingerprint Manager Pro. Sensitive data stored by Lenovo Fingerprint Manager Pro, including users' Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system it is installed in.

The flaw can only be taken advantage of locally, so there is no concern with remote hackers targeting your system. The company has released a software update to fix the vulnerability, so if you have an affected system, update as soon as possible.

Here's a full list of effected devices provided by Lenovo:

  • ThinkPad L560
  • ThinkPad P40 Yoga, P50s
  • ThinkPad T440, T440p, T440s, T450, T450s, T460, T540p, T550, T560
  • ThinkPad W540, W541, W550s
  • ThinkPad X1 Carbon (Type 20A7, 20A8), X1 Carbon (Type 20BS, 20BT)
  • ThinkPad X240, X240s, X250, X260
  • ThinkPad Yoga 14 (20FY), Yoga 460
  • ThinkCentre M73, M73z, M78, M79, M83, M93, M93p, M93z
  • ThinkStation E32, P300, P500, P700, P900

via Gizmodo

This post may contain affiliate links. See our disclosure policy for more details.