Slashdot Mirror


Lenovo's Fingerprint Scanner Can Be Bypassed via a Hardcoded Password (bleepingcomputer.com)

Lenovo has issued an update to address a vulnerability in its fingerprint scanner app that it ships with ThinkPad, ThinkCentre, and ThinkStation models running Windows 8.1 or older versions of Windows. From a report: Fingerprint Manager Pro is an application developed by Lenovo that allows users to log into Windows machines and online websites by scanning one of their fingerprints using the fingerprint scanner embedded in selected Lenovo products. "A vulnerability has been identified in Lenovo Fingerprint Manager Pro," said Lenovo in a security advisory published last week. "Sensitive data stored by Lenovo Fingerprint Manager Pro, including users' Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system it is installed in," the company said.


  1. I'm surprised most companies permit this by froggyjojodaddy · Score: 4, Informative

    A few years ago, Mythbusters had an episode where they showed how easy it was to fool fingerprint scanners into granting access.

    The place where I work prohibits this via IT Policy and disables the fingerprint scanner on all laptops.