Flaw in Lenovo’s fingerprint software let hackers bypass fingerprint authentication

A severe vulnerability in Lenovo's Fingerprint Manager Pro software allowed hackers to bypass fingerprint authentication, log in to a system using a hardcoded password and decrypt users' Windows credentials.

Lenovo's Fingerprint Manager Pro software stores users’ Windows login credentials, but encrypts them with a weak algorithm, allowing anyone with local non-administrative access to obtain them.

In an alert posted on its support page, Lenovo yesterday warned users of Lenovo devices running Windows 7, 8, and 8.1 operating systems about a critical flaw in the Fingerprint Manager Pro software that allowed anyone with access to a system to log in using a hardcoded password without having to go through fingerprint authentication.