HOLY COW! Lenovo may have lost its mind. The firm has created vulnerabilities in ShareIT that could be exploited by anyone who can guess that '12345678' could be a password.
This is woeful, head-in-the-hands stuff and follows a recent publication of the most rubbish passwords out there. A password that Lenovo is using as a default is third on the list. It is '12345678', which is marginally worse than 'Password' but still equally loathsome as far as choices go.
"When Lenovo ShareIT for Windows is configured to receive files, a WiFi hotspot is set with an easy password (12345678). Any system with a WiFi network card could connect to that hotspot by using that password. The password is always the same," said Core Security.
"The files are transferred via HTTP without encryption. An attacker that is able to sniff the network traffic could view the data transferred or perform man-in-the-middle attacks, for example by modifying the content of the transferred files