Lenovo wants ThinkPad owners to update their machines after its Fingerprint Manager Pro software was found to contain serious security vulnerabilities.
Among the glaring flaws cited: a hardcoded password. In the fingerprint scanner. To log into the computer.
Mar 11, 2018 Locate Fingerprint or Facial Recognition options and click Remove under them. After that, click Get Started and follow the on-screen instructions to reset Fingerprint and Facial Recognition. Reboot your PC if needed. If some of the system drivers, most probably webcam and fingerprint reader drivers, were corrupted, Windows Hello may fail to.
I then went to Device Manager and uninstalled the fingerprint reader. When I restarted the computer and checked Device Manager, it appeared to be working OK. (The exclamation point was gone.) I then went to Windows Hello and set up a new fingerprint. Knock on wood, but it seems to be OK now. The fingerprint reader is enabled in the BIOS (External - Internal) and I have not made any changes there. Strange thing is that it was working fine all day when I was waking up the machine from sleep and all of a sudden it stopped working. Anybody has any ideas before I call Lenovo support? Go to BIOS Hit Enter on the first screen you see when turning on machine. It says Hit Enter on there too. Then press F1 to enter BIOS. In BIOS under fingerprint reader, there is a setting which was called Fingerprint Type or something.
'Sensitive data stored by Lenovo Fingerprint Manager Pro, including users’ Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system it is installed in,' Lenovo said in fessing up on Thursday.
Discovery of the flaws was credited to Jackson Thuraisamy at Security Compass.
In total, Lenovo says that more than two dozen ThinkPad models are vulnerable, along with five ThinkStation Models and eight ThinkCentre models.
Lenovo says Fingerprint Manager Pro was used with the Thinkpad, ThinkCentre, and ThinkStation machines running Windows 7, Windows 8, and Windows 8.1. The tool could be configured to store and authenticate website credentials via fingerprint.
Unfortunately, Lenovo says, it was also improperly protecting those stored credentials, leaving the readers far less secure than they should be. Now, the PC slinger is advising users still running the Fingerprint Manager Pro software to install the latest update (version 8.01.87) to address the issue.
Because the Fingerprint Manager Pro software does not need to run on Windows 10 (Microsoft added native fingerprint reader support with that build), newer and updated machines are not considered vulnerable.
Earlier this month, Lenovo moved to put to bed another headache from its past when it agreed to a settlement deal with the FTC that will end the case over its use of intrusive adware in its pre-bundled software on PCs back in 2014.®
