CVE-2017-3762

CVE Database · CVE-2017-3762

CVE-2017-3762

· N/AModified

CVSS v3.1

N/A

EPSS

0.40%

Published

Jan 25, 2018

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users' Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system in which it is installed.

Weaknesses (CWE)

CWE-798

Affected Products (4)

lenovo · fingerprint_manager_provulnerable

microsoft · windows_7

microsoft · windows_8

microsoft · windows_8.1

References (10)

http://www.openwall.com/lists/oss-security/2019/05/08/3

http://www.openwall.com/lists/oss-security/2019/05/08/4

http://www.openwall.com/lists/oss-security/2019/05/08/5

http://www.securityfocus.com/bid/102837