PT-2018-1005 · Lenovo · Lenovo Fingerprint Manager

Published: 2018-01-25 · Updated: 2019-05-08 · CVE-2017-3762

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Lenovo Fingerprint Manager Pro versions 8.01.86 and earlier

Description

Sensitive data stored by the software, including users' Windows logon credentials and fingerprint data, is encrypted using a weak algorithm and contains a hard-coded password. This data is accessible to all users with local non-administrative access to the system. The vulnerability allows a local attacker to gain access to user Windows credentials and fingerprint data.

Recommendations

For Lenovo Fingerprint Manager Pro versions 8.01.86 and earlier, consider restricting local non-administrative access to the system until a patch is available. As a temporary workaround, restrict access to the sensitive data stored by Lenovo Fingerprint Manager Pro to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Using Hardcoded Credentials

Related Identifiers

BDU:2018-00223
CVE-2017-3762

Affected Products

Lenovo Fingerprint Manager