The Cloud Consultancy Europe Ltd.
Lenovo has been forced to release urgent software fixes after a number of embarrassing flaws were uncovered in its products, including one that left a hard-coded password set to ‘12345678’ by default.

Researchers at Core Security posted an advisory that listed four vulnerabilities in Lenovo’s ShareIT function that could result in man-in-the-middle attacks, information leaks and the bypassing of encryption.

ShareIT is a free Lenovo application that lets users share files and folders between computers, smartphones and tablets.

The flaws affect ShareIT for Android 3.0.18 and Windows Other products and versions may also be affected, but they were not tested.

The first security update (CVE-2016-1491) fixes a hard-coded password flaw affecting Windows that leaves WiFi hotspots open to exploitation.

“When Lenovo ShareIT for Windows is configured to receive files, a WiFi hotspot is set with an easy password (12345678). Any system with a WiFi network card could connect to that hotspot by using that password. The password is always the same,” explained the advisory.
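The defensive counterpart to the fixed hotspot password described above, as an added example (not code from Lenovo or from the Core Security advisory): a fresh random passphrase per receive session, plus a check that rejects values like the one quoted. All function names are hypothetical; the 8 to 63 character range is the WPA2-PSK passphrase limit.

```python
import secrets
import string

# WPA2-PSK passphrases are 8 to 63 printable ASCII characters.
WPA2_MIN, WPA2_MAX = 8, 63
ALPHABET = string.ascii_letters + string.digits


def new_hotspot_passphrase(length=16):
    """Generate a fresh random passphrase for one receive session."""
    if not WPA2_MIN <= length <= WPA2_MAX:
        raise ValueError("WPA2 passphrase must be 8-63 characters")
    # secrets uses the OS CSPRNG, so values are not predictable across sessions.
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def is_sequential(s):
    """True for ascending or descending runs such as 12345678 or 87654321."""
    if len(s) < 2:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return steps in ({1}, {-1})


def passphrase_problems(candidate, previous=()):
    """Return the reasons a hotspot passphrase should be rejected.

    `previous` holds passphrases used in earlier sessions (hypothetical
    input); a value that repeats is effectively hard-coded.
    """
    problems = []
    if not WPA2_MIN <= len(candidate) <= WPA2_MAX:
        problems.append("length outside 8-63")
    if len(set(candidate)) == 1:
        problems.append("single repeated character")
    if is_sequential(candidate):
        problems.append("sequential run")
    if candidate.isdigit() and len(candidate) <= 10:
        problems.append("short numeric-only passphrase")
    if candidate in previous:
        problems.append("reused from an earlier session")
    return problems


if __name__ == "__main__":
    print(passphrase_problems("12345678", previous=["12345678"]))
    print(passphrase_problems(new_hotspot_passphrase()))
```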

