This is pretty jarring. Lenovo has confirmed its in-house authentication software Fingerprint Manager Pro (version 8.01.86), which lets users unlock their devices using fingerprint recognition, was affected by a severe vulnerability which attackers could exploit to access to any system equipped with the app.
As per Lenovo’s disclosure, Fingerprint Manager contained a hard-coded password that made it accessible to all users with local non-administrative access. In addition to this, it stored sensitive information like Windows logon credentials and fingerprint data which were “encrypted using a weak algorithm.”
