Lenovo advises all owners ThinkPad on Windows 7 and 8 update, in particular the program Fingerprint Manager Pro, the security of which was discovered a serious security vulnerability.
Jackson Duraisami from Security Compass have noticed that the data stored in the program, including fingerprint information and the Microsoft account information that is encrypted using a weak algorithm. In addition, passwords are stored directly in the code, and is available even to users who are not administrators.
The full list of devices subjected to the danger:
- ThinkPad L560
- ThinkPad Yoga P40, P50s
- ThinkPad T440, T440p, T440s, T450, T450s, T460, T540p, T550, T560
- ThinkPad W540, W541, W550s
- ThinkPad X1 Carbon (Type 20A7, 20A8), X1 Carbon (Type 20BS, 20BT)
- ThinkPad X240, X240s, X250, X260
- ThinkPad Yoga 14 (20FY), Yoga 460
- ThinkCentre M73, M73z, M78, M79, M83, M93, M93p, M93z
- ThinkStation E32, P300, P500, P700, P900
Fixes available in versions Fingerprint Manager Pro 8.01.87 and above.