If you're using an older ThinkPad with a fingerprint sensor, you'll want to update it pronto. Lenovo has disclosed a high-severity security vulnerability with its Fingerprint Manager Pro software for ThinkPad, ThinkCentre, and ThinkStation systems (via Engadget).
According to Lenovo, the software uses weak encryption and a hardcoded password, allowing for attackers to more easily gain access to a PC and view login credentials and fingerprint data. The vulnerability affects the following PCs, according to Lenovo:
- ThinkPad L560
- ThinkPad P40 Yoga, P50s
- ThinkPad T440, T440p, T440s, T450, T450s, T460, T540p, T550, T560
- ThinkPad W540, W541, W550s
- ThinkPad X1 Carbon (Type 20A7, 20A8), X1 Carbon (Type 20BS, 20BT)
- ThinkPad X240, X240s, X250, X260
- ThinkPad Yoga 14 (20FY), Yoga 460
- ThinkCentre M73, M73z, M78, M79, M83, M93, M93p, M93z
- ThinkStation E32, P300, P500, P700, P900
Lenovo Fingerprint Manager Pro was only used for Windows 7, 8, and 8.1 systems, so there's no need to worry if you're using a Windows 10 PC with Windows Hello authentication. Further, the vulnerability also required local access to the computer, Lenovo says. If you are impacted, the vulnerability has been patched in Fingerprint Manager Pro version 8.01.87, available directly from Lenovo.
