Vulnerability in ThinkPad fingerprint management software (models running Windows 10 are not affected)
According to Lenovo's official advisory:
Lenovo Fingerprint Manager Pro for Windows 7, 8, and 8.1 only (not 10) Insecure Credential Storage
A vulnerability has been identified in Lenovo Fingerprint Manager Pro. Sensitive data stored by Lenovo Fingerprint Manager Pro, including users' Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system it is installed in.
Lenovo Fingerprint Manager Pro is a utility for Windows 7, 8 and 8.1 that allows users to log into their PCs or authenticate to configured websites using fingerprint recognition.
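In short:
Because Lenovo Fingerprint Manager Pro uses a weak encryption algorithm and a hard-coded password, the fingerprint authentication step can be skipped and the system entered directly; the fingerprint information itself remains safe.
Windows 10 no longer uses this software to manage fingerprints, so it is not affected.
Fix:
All Windows 7, Windows 8 and 8.1 users are advised to update the fingerprint management software: Downloads
List of affected models: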
- ThinkPad L560
- ThinkPad P40 Yoga, P50s
- ThinkPad T440, T440p, T440s, T450, T450s, T460, T540p, T550, T560
- ThinkPad W540, W541, W550s
- ThinkPad X1 Carbon (Type 20A7, 20A8), X1 Carbon (Type 20BS, 20BT)
- ThinkPad X240, X240s, X250, X260
- ThinkPad Yoga 14 (20FY), Yoga 460
- ThinkCentre M73, M73z, M78, M79, M83, M93, M93p, M93z
- ThinkStation E32, P300, P500, P700, P900
New driver download: Downloads Detail ds034486
*This vulnerability was discovered by Jackson Thuraisamy of Security Compass.
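A host check for the conditions the advisory describes (Lenovo Fingerprint Manager Pro installed on a pre-Windows 10 system), given here as an added example that is not from Lenovo or the original post. It assumes the product's uninstall-registry DisplayName contains the product name; the fixed version is a placeholder to fill in from Lenovo's advisory, because this page does not state it.

```powershell
# Added example (not Lenovo's code). Compatible with PowerShell 2.0 (Windows 7).
param(
    # Placeholder: take the fixed version from Lenovo's advisory; this page does not state it.
    [string]$FixedVersion = '<FIXED_VERSION_FROM_LENOVO_ADVISORY>'
)

$productName = 'Lenovo Fingerprint Manager Pro'

# The advisory covers Windows 7, 8 and 8.1 only; those report major version 6.
$osVersion  = [Environment]::OSVersion.Version
$affectedOs = ($osVersion.Major -lt 10)

# Per-machine uninstall entries, native and 32-bit registry views.
# Assumption: the installer registers a DisplayName containing the product name.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$installed = @(Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like "*$productName*" })

if (-not $installed) {
    '{0}: {1} not installed' -f $env:COMPUTERNAME, $productName
    return
}

foreach ($app in $installed) {
    # Default when versions cannot be parsed (e.g. the placeholder was not replaced).
    $status = 'REVIEW: compare installed version with the advisory manually'
    $have = $null
    $want = $null
    try {
        $have = [version]$app.DisplayVersion
        $want = [version]$FixedVersion
    } catch { }

    if (-not $affectedOs) {
        $status = 'Not affected (Windows 10 or later)'
    } elseif ($have -and $want) {
        if ($have -lt $want) { $status = 'VULNERABLE: update required' }
        else                 { $status = 'Patched' }
    }

    New-Object PSObject -Property @{
        Computer = $env:COMPUTERNAME
        OS       = $osVersion.ToString()
        Product  = $app.DisplayName
        Version  = $app.DisplayVersion
        Status   = $status
    } | Select-Object Computer, OS, Product, Version, Status
}
```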
