CVE-2017-3762

Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users' Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system in which it is installed.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
lenovoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
VendorProductVersion
lenovofingerprint_manager_pro
𝑥
≤ 8.01.86
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2019/05/08/3
http://www.openwall.com/lists/oss-security/2019/05/08/4
http://www.openwall.com/lists/oss-security/2019/05/08/5
http://www.securityfocus.com/bid/102837
https://support.lenovo.com/product_security/LEN-15999
http://www.openwall.com/lists/oss-security/2019/05/08/3
http://www.openwall.com/lists/oss-security/2019/05/08/4
http://www.openwall.com/lists/oss-security/2019/05/08/5
http://www.securityfocus.com/bid/102837
https://support.lenovo.com/product_security/LEN-15999