The flaw in Lenovo’s Fingerprint Manager Pro enabled attackers to log into devices running Windows 7, 8 and 8.1, and let anyone log into your PC with a hardcoded password, skipping the fingerprint reader altogether. Both would require physical access to your PC. “A vulnerability has been identified in Lenovo Fingerprint Manager Pro,” Lenovo wrote (opens in new tab) on its support page. “Sensitive data stored by Lenovo Fingerprint Manager Pro, including users’ Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system it is installed in.” Machines that have been updated to, or shipped with, Windows 10 are not affected. Those machines use Microsoft’s own fingerprint-reading software. Lenovo has already patched the issue, and you can download the fix here (opens in new tab). Those with the following systems should download the patch, especially if they use Fingerprint Manager Pro, as soon as possible if they are not running Windows 10.
ThinkPad L560ThinkPad P40 Yoga, P50sThinkPad T440, T440p, T440s, T450, T450s, T460, T540p, T550, T560ThinkPad W540, W541, W550sThinkPad X1 Carbon (Type 20A7, 20A8), X1 Carbon (Type 20BS, 20BT)ThinkPad X240, X240s, X250, X260ThinkPad Yoga 14 (20FY), Yoga 460ThinkCentre M73, M73z, M78, M79, M83, M93, M93p, M93zThinkStation E32, P300, P500, P700, P900
Lenovo Laptop Guide
Previous TipNext Tip
Best Lenovo Laptops and ChromebooksSee How Lenovo Compares to Other Laptop BrandsLenovo Tech Support Rating and Report CardWhat’s in Lenovo’s Standard Warranty?
