Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Lenovo protects your backdoor security with a really, really bad password


  • Please log in to reply
1 reply to this topic

#1 JohnC_21

JohnC_21

  • Members
  • 24,437 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:40 AM

Posted 26 January 2016 - 05:40 PM

From The Inquirer:

 

HOLY COW! Lenovo may have lost its mind. The firm has created vulnerabilities in ShareIT that could be exploited by anyone who can guess that '12345678' could be a password.

This is woeful, head-in-the-hands stuff and follows a recent publication of the most rubbish passwords out there. A password that Lenovo is using as a default is third on the list. It is '12345678', which is marginally worse than 'Password' but still equally loathsome as far as choices go.

"When Lenovo ShareIT for Windows is configured to receive files, a WiFi hotspot is set with an easy password (12345678). Any system with a WiFi network card could connect to that hotspot by using that password. The password is always the same," said Core Security.

"The files are transferred via HTTP without encryption. An attacker that is able to sniff the network traffic could view the data transferred or perform man-in-the-middle attacks, for example by modifying the content of the transferred files

 

.



BC AdBot (Login to Remove)

 


#2 Guest_GNULINUX_*

Guest_GNULINUX_*

  • Guests
  • OFFLINE
  •  

Posted 26 January 2016 - 05:53 PM

Really nice of Lenovo, even after this they just can't stop...  :rolleyes:

Apparently they have no clue what security means!

 

Greets!






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users