Vulnerability Details : CVE-2017-3762
Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users' Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system in which it is installed.
Products affected by CVE-2017-3762
- cpe:2.3:a:lenovo:fingerprint_manager_pro:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-3762
- EPSS score: 0.16% (probability of exploitation activity in the next 30 days)
- Percentile: ~33% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2017-3762
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
CWE ids for CVE-2017-3762
- The product contains hard-coded credentials, such as a password or cryptographic key. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-3762
- http://www.openwall.com/lists/oss-security/2019/05/08/3
  oss-security - Re: Re: fprintd: found storing user fingerprints without encryption
- https://support.lenovo.com/product_security/LEN-15999
  Lenovo Fingerprint Manager Pro for Windows 7, 8, and 8.1 only (not 10) Insecure Credential Storage - US (Patch; Vendor Advisory)
- http://www.openwall.com/lists/oss-security/2019/05/08/4
  oss-security - Re: Re: fprintd: found storing user fingerprints without encryption
- http://www.securityfocus.com/bid/102837
  Lenovo Fingerprint Manager Pro CVE-2017-3762 Multiple Local Security Weaknesses (VDB Entry; Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2019/05/08/5
  oss-security - Re: Re: fprintd: found storing user fingerprints without encryption