
Lenovo discloses security vulnerability in ThinkPad fingerprint manager

If you're using an older ThinkPad with a fingerprint sensor, you'll want to update it pronto. Lenovo has disclosed a high-severity security vulnerability with its Fingerprint Manager Pro software for ThinkPad, ThinkCentre, and ThinkStation systems (via Engadget).

According to Lenovo, the software uses weak encryption and a hardcoded password, allowing attackers to more easily gain access to a PC and view login credentials and fingerprint data. The vulnerability affects the following PCs, according to Lenovo:

  • ThinkPad L560
  • ThinkPad P40 Yoga, P50s
  • ThinkPad T440, T440p, T440s, T450, T450s, T460, T540p, T550, T560
  • ThinkPad W540, W541, W550s
  • ThinkPad X1 Carbon (Type 20A7, 20A8), X1 Carbon (Type 20BS, 20BT)
  • ThinkPad X240, X240s, X250, X260
  • ThinkPad Yoga 14 (20FY), Yoga 460
  • ThinkCentre M73, M73z, M78, M79, M83, M93, M93p, M93z
  • ThinkStation E32, P300, P500, P700, P900

Lenovo Fingerprint Manager Pro was only used for Windows 7, 8, and 8.1 systems, so there's no need to worry if you're using a Windows 10 PC with Windows Hello authentication. Further, the vulnerability also required local access to the computer, Lenovo says. If you are impacted, the vulnerability has been patched in Fingerprint Manager Pro version 8.01.87, available directly from Lenovo.
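
To check whether a machine still runs a build older than the patched 8.01.87, the following PowerShell audit compares the installed version against that number. It is an added example, not a Lenovo tool or code from the advisory; the `*Fingerprint Manager Pro*` display-name pattern is an assumption about how the installer registers itself, and the script sticks to syntax available in the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example: local audit for Fingerprint Manager Pro older than the fixed build.
# The fixed version comes from the article; the name pattern is an assumption.
$FixedVersion = [version]'8.01.87'            # parsed numerically as 8.1.87
$NamePattern  = '*Fingerprint Manager Pro*'   # assumed DisplayName pattern

# Query both registry views so a 32-bit install on 64-bit Windows is not missed.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$found = @(Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like $NamePattern })

if ($found.Count -eq 0) {
    Write-Output 'Fingerprint Manager Pro not found in the uninstall registry.'
    return
}

foreach ($app in $found) {
    # Default verdict covers a missing or non-numeric DisplayVersion.
    $status = 'UNKNOWN: version missing or not parseable, check manually'
    if ($app.DisplayVersion) {
        try {
            $installed = [version]$app.DisplayVersion
            if ($installed -lt $FixedVersion) {
                $status = 'VULNERABLE: older than 8.01.87, update required'
            } else {
                $status = 'OK: at or above 8.01.87'
            }
        } catch {
            # Keep the UNKNOWN verdict rather than guessing.
        }
    }
    Write-Output ("{0} {1} -> {2}" -f $app.DisplayName, $app.DisplayVersion, $status)
}
```

Casting to `[version]` makes the comparison numeric, so a string such as `8.01.9` is correctly treated as older than `8.01.87`, which a plain string comparison would get wrong.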

Dan Thorp-Lancaster is the Editor in Chief for Windows Central. He began working with Windows Central as a news writer in 2014 and is obsessed with tech of all sorts. You can follow Dan on Twitter @DthorpL and Instagram @heyitsdtl. Got a hot tip? Send it to daniel.thorp-lancaster@futurenet.com.

2 Comments
  • Credibility...
  • "According to Lenovo, the software uses weak encryption and a hardcoded password ..." Wait, so it's a vulnerability by design?