Описание
Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users' Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system in which it is installed.
Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users' Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system in which it is installed.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2017-3762
- https://support.lenovo.com/product_security/LEN-15999
- http://www.openwall.com/lists/oss-security/2019/05/08/3
- http://www.openwall.com/lists/oss-security/2019/05/08/4
- http://www.openwall.com/lists/oss-security/2019/05/08/5
- http://www.securityfocus.com/bid/102837
Связанные уязвимости
Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users' Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system in which it is installed.
Уязвимость программно-аппаратного средства для реализации аутентификации пользователей на основе распознавания отпечатков пальцев Lenovo Fingerprint Manager Pro, связанная с использованием предустановленной учетной записи и недостатками алгоритма шифрования, позволяющая нарушителю получить доступ к учетным данным пользователей