

Windows 7: Lenovo Fingerprint Manager Pro for Windows 7 and 8 Insecure Credential

29 Jan 2018   #1
Brink


Quote:
Lenovo Security Advisory: LEN-15999

Potential Impact: Local Privilege Escalation

Severity: High

Scope of Impact: Lenovo Specific

CVE Identifier: CVE-2017-3762

Summary Description:

A vulnerability has been identified in Lenovo Fingerprint Manager Pro. Sensitive data stored by Lenovo Fingerprint Manager Pro, including users’ Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system it is installed in.

Lenovo Fingerprint Manager Pro is a utility for Windows 7, 8 and 8.1 that allows users to log into their PCs or authenticate to configured websites using fingerprint recognition.

Mitigation Strategy for Customers (what you should do to protect yourself):

Update Fingerprint Manager Pro to version 8.01.87 or later.

Product Impact:

Lenovo Fingerprint Manager Pro may be installed on the following systems:
  • ThinkPad L560
  • ThinkPad P40 Yoga, P50s
  • ThinkPad T440, T440p, T440s, T450, T450s, T460, T540p, T550, T560
  • ThinkPad W540, W541, W550s
  • ThinkPad X1 Carbon (Type 20A7, 20A8), X1 Carbon (Type 20BS, 20BT)
  • ThinkPad X240, X240s, X250, X260
  • ThinkPad Yoga 14 (20FY), Yoga 460
  • ThinkCentre M73, M73z, M78, M79, M83, M93, M93p, M93z
  • ThinkStation E32, P300, P500, P700, P900

Acknowledgements:

Lenovo thanks Jackson Thuraisamy from Security Compass for identifying this issue.

For a complete list of all Lenovo Product Security Advisories, click here.

Revision History:

Revision: 1

Date: 01/25/2018

Description: For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on an “as is” basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.


Source: Lenovo Fingerprint Manager Pro for Windows 7, 8 and 8.1 Insecure Credential Storage
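
An inventory check for the mitigation in the advisory above, added here as an example and not part of the original post or of Lenovo's advisory. It reports whether an installed Fingerprint Manager Pro is older than 8.01.87. The `DisplayName` pattern, the use of the standard Uninstall registry keys, and the function names are assumptions; adjust them to match what the product registers on your systems.

```powershell
# Added example (not from the advisory). Works on PowerShell 2.0, as shipped with Windows 7.
# Assumption: the product registers a DisplayName containing "Fingerprint Manager Pro".
$NamePattern  = '*Fingerprint Manager Pro*'
$FixedVersion = [version]'8.1.87'   # advisory: update to 8.01.87 or later

# Check both the native and the 32-bit-on-64-bit uninstall views.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Hypothetical helper: turn a DisplayVersion string into a comparable [version].
function ConvertTo-ComparableVersion {
    param([string]$Text)
    # Keep up to four numeric fields; leading zeros drop out ("8.01.87" -> 8.1.87).
    $parts = @($Text -split '[^0-9]+' | Where-Object { $_ -ne '' } | Select-Object -First 4)
    if ($parts.Count -lt 2) { return $null }   # [version] needs at least major.minor
    return [version]($parts -join '.')
}

# Hypothetical helper: one result object per matching installed product entry.
function Get-FingerprintManagerStatus {
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $NamePattern } |
        ForEach-Object {
            $v = ConvertTo-ComparableVersion $_.DisplayVersion
            if ($null -eq $v) { $status = 'UnknownVersion' }
            elseif ($v -lt $FixedVersion) { $status = 'NeedsUpdate' }
            else { $status = 'AtOrAboveFixedVersion' }

            New-Object PSObject -Property @{
                Computer = $env:COMPUTERNAME
                Name     = $_.DisplayName
                Version  = $_.DisplayVersion
                Status   = $status
            }
        }
}

# No output means no matching product entry was found on this machine.
Get-FingerprintManagerStatus | Format-Table Computer, Name, Version, Status -AutoSize
```

An empty result only shows that no entry matched the assumed name pattern, so confirm the pattern on a machine known to have the utility installed before relying on it across a fleet.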

