Lenovo Issues Patch to Fix Username/Password Vulnerabilities

Posted by at 10:35 am on November 30, 2015

Lenovo FeatureLenovo patched two vulnerabilities over the Thanksgiving holiday that would allow a hacker to acquire administrative privileges. It was reported that Lenovo System Update 5.07.001 (CVE-2015-8109) contained issues that would give an attacker the ability to more easily predict usernames and passwords of the temporary administrator account.

“Lenovo creates a random temporary Administrator account with a username that follows the template tvsu_tmp_x xxxxXXXXX where each lowercase x is a randomly generated lower case letter and each uppercase X is a randomly generated uppercase letter. A 19-byte,random password is generated via an algorithm,” IOActive said in a report.

The function that creates the random password uses a predictable algorithm allowing an attacker with knowledge of the account creation timestamp to predict the username.

It is recommended Lenovo owners install Lenovo System Update application (version 5.06.0043 or higher) through the system update tool.

Leave a Reply

Sign Up For Our Newsletter

Sign up to receive breaking news
as well as receive other site updates

Enter your Email

Preview | Powered by FeedBlitz

Log in

Copyright © 2008 - 2020 · StreetCorner Media , LLC· All Rights Reserved ·