Take a look at our
ThinkPads.com HOME PAGE
For those who might want to contribute to the blog, start here: Editors Alley Topic
Then contact Bill with a Private Message

Lenovo's Fingerprint Manager Pro exposed user passwords, security update released

General Questions, Rumors, Real news & More
Post Reply
Message
Author
Puppy
Senior ThinkPadder
Senior ThinkPadder
Posts: 2545
Joined: Sat Oct 30, 2004 4:52 am
Location: Prague, Czech Republic

Lenovo's Fingerprint Manager Pro exposed user passwords, security update released

#1 Post by Puppy » Tue Jan 30, 2018 10:40 am

Just another Lenovo "Pro" software
https://www.notebookcheck.net/Lenovo-s- ... 494.0.html

https://support.lenovo.com/us/en/produc ... /len-15999
A vulnerability has been identified in Lenovo Fingerprint Manager Pro. Sensitive data stored by Lenovo Fingerprint Manager Pro, including users’ Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system it is installed in. :roll:
ThinkPad (1992 - 2012): R51, X31, X220, Tablet 8

Thinkpad4by3
ThinkPadder
ThinkPadder
Posts: 1812
Joined: Sun Aug 09, 2015 9:25 am
Location: N. Bellmore, ny

Re: Lenovo's Fingerprint Manager Pro exposed user passwords, security update released

#2 Post by Thinkpad4by3 » Tue Jan 30, 2018 11:53 am

Puppy wrote:
Tue Jan 30, 2018 10:40 am
Just another Lenovo "Pro" software
https://www.notebookcheck.net/Lenovo-s- ... 494.0.html

https://support.lenovo.com/us/en/produc ... /len-15999
A vulnerability has been identified in Lenovo Fingerprint Manager Pro. Sensitive data stored by Lenovo Fingerprint Manager Pro, including users’ Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system it is installed in. :roll:
When you make Windows XP security look good, you should be firing the programmer ASAP. Ugh Lenovo.
Thinkpad4by3's Law of the Universe.

The efficiency of two screens equally sized with equal numbers if pixels are equal. The time spent by a 4:3 user complaining about 16:9 is proportional to the inefficiency working with a 16:9 display, therefore the amount of useful work extracted is equal.

dr_st
Moderator
Moderator
Posts: 7450
Joined: Sat Oct 29, 2005 6:20 am

Re: Lenovo's Fingerprint Manager Pro exposed user passwords, security update released

#3 Post by dr_st » Tue Jan 30, 2018 2:23 pm

Thinkpad4by3 wrote:
Tue Jan 30, 2018 11:53 am
When you make Windows XP security look good, you should be firing the programmer ASAP. Ugh Lenovo.
Most likely the task was given to a junior programmer without any proper process of training and code review. :)
Thinkpad 25 (20K7), X1 Carbon (20HQ), Yoga 14 (20FY), T430s (IPS FHD + Classic Keyboard), X220 4291-4BG, X61 7673-V2V
T60 2007-QPG, T42 2373-F7G, X32 (IPS Screen), A31p w/ Ultrabay Numpad, A21m 2628-GXU

Thinkpad4by3
ThinkPadder
ThinkPadder
Posts: 1812
Joined: Sun Aug 09, 2015 9:25 am
Location: N. Bellmore, ny

Re: Lenovo's Fingerprint Manager Pro exposed user passwords, security update released

#4 Post by Thinkpad4by3 » Tue Jan 30, 2018 3:12 pm

dr_st wrote:
Tue Jan 30, 2018 2:23 pm
Thinkpad4by3 wrote:
Tue Jan 30, 2018 11:53 am
When you make Windows XP security look good, you should be firing the programmer ASAP. Ugh Lenovo.
Most likely the task was given to a junior programmer without any proper process of training and code review. :)
Even a Junior programmer could put it in something better than plain text. Is implementing an SHA-256 algorithm that hard? Just downloading a github library would be suffice.
Thinkpad4by3's Law of the Universe.

The efficiency of two screens equally sized with equal numbers if pixels are equal. The time spent by a 4:3 user complaining about 16:9 is proportional to the inefficiency working with a 16:9 display, therefore the amount of useful work extracted is equal.

dr_st
Moderator
Moderator
Posts: 7450
Joined: Sat Oct 29, 2005 6:20 am

Re: Lenovo's Fingerprint Manager Pro exposed user passwords, security update released

#5 Post by dr_st » Tue Jan 30, 2018 4:25 pm

Thinkpad4by3 wrote:
Tue Jan 30, 2018 3:12 pm
Even a Junior programmer could put it in something better than plain text. Is implementing an SHA-256 algorithm that hard? Just downloading a github library would be suffice.
In this business doing something is often not as hard as understanding why you should do it. This understanding is what junior programmers often lack.
Thinkpad 25 (20K7), X1 Carbon (20HQ), Yoga 14 (20FY), T430s (IPS FHD + Classic Keyboard), X220 4291-4BG, X61 7673-V2V
T60 2007-QPG, T42 2373-F7G, X32 (IPS Screen), A31p w/ Ultrabay Numpad, A21m 2628-GXU

Post Reply
  • Similar Topics
    Replies
    Views
    Last post

Return to “GENERAL ThinkPad News/Comments & Questions”

Who is online

Users browsing this forum: No registered users and 6 guests