Published: 2018-01-25 20:29:00
Revised: 2018-02-12 11:17:03

[Original text] Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users' Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system in which it is installed.



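- CVSS (Base Score)

CVSS score: 7.2 [Severe (HIGH)]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may result in a total shutdown of the system]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]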

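- CWE (Weakness Category)

CWE-798 [Use of Hard-coded Credentials]

- CPE (Affected Platforms and Products)


- OVAL (Technical Details for Detection)


- Official database links
(Official data source) MITRE
(Official data source) NVD

- Other links and resources

- Vulnerability information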

Lenovo Fingerprint Manager Pro CVE-2017-3762 Multiple Local Security Weaknesses
Design Error 102837
No Yes
2018-01-25 12:00:00 2018-01-25 12:00:00
Jackson Thuraisamy from Security Compass

- Affected program versions

Lenovo ThinkStation P900 0
Lenovo ThinkStation P700 0
Lenovo ThinkStation P500 0
Lenovo ThinkStation P300 0
Lenovo ThinkStation E32 0
Lenovo ThinkPad Yoga 460 0
Lenovo ThinkPad Yoga 14 0
Lenovo ThinkPad X260 0
Lenovo ThinkPad X250 0
Lenovo ThinkPad X240s 0
Lenovo ThinkPad X240 0
Lenovo ThinkPad X1 Carbon (20BS-20BT) 0
Lenovo ThinkPad X1 Carbon (20A7-20A8) 0
Lenovo ThinkPad W550s 0
Lenovo ThinkPad W541 0
Lenovo ThinkPad W540 0
Lenovo ThinkPad T560 0
Lenovo ThinkPad T550 0
Lenovo ThinkPad T540p 0
Lenovo ThinkPad T460 0
Lenovo ThinkPad T450s 0
Lenovo ThinkPad T450 0
Lenovo ThinkPad T440s 0
Lenovo ThinkPad T440p 0
Lenovo ThinkPad T440 0
Lenovo ThinkPad P50s 0
Lenovo ThinkPad P40 Yoga 0
Lenovo ThinkPad L560 0
Lenovo ThinkCentre M93p 0
Lenovo ThinkCentre M9350z 0
Lenovo ThinkCentre M93 0
Lenovo ThinkCentre M83 0
Lenovo ThinkCentre M79 0
Lenovo ThinkCentre M78 0
Lenovo ThinkCentre M73z 0
Lenovo ThinkCentre M73 0
Lenovo Fingerprint Manager Pro 8.1.57
Lenovo Fingerprint Manager Pro 8.1.42
Lenovo Fingerprint Manager Pro 8.1.41
Lenovo Fingerprint Manager Pro 8.1.35
Lenovo Fingerprint Manager Pro 8.1.26
Lenovo Fingerprint Manager Pro 8.1.18
Lenovo Fingerprint Manager Pro 8.1.11
Lenovo Fingerprint Manager Pro 8.1.7
Lenovo Fingerprint Manager Pro 8.1.5
Lenovo Fingerprint Manager Pro 8.1
Lenovo Fingerprint Manager Pro 8.0.47

- Unaffected program versions

Lenovo Fingerprint Manager Pro 8.1.87

- Vulnerability discussion

Lenovo Fingerprint Manager Pro is prone to multiple local security weaknesses.

A local attacker can exploit these issues to perform certain unauthorized actions or gain potentially sensitive information.

Versions prior to Fingerprint Manager Pro 8.01.87 are vulnerable.

- Exploit

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at:

- Solution

Updates are available. Please see the references or vendor advisory for more information.

- Related references