Fingerprint identification flaw allows PC password retrieval
10/09, 11:00pm
Apple-owned Authentec's software at fault, exploit available
Several PC security firms have independently verified a weakness in Authentek's UPEK Protector Suite that allows hostile users with physical control of a machine to rapidly recover Windows account passwords. The software is pre-installed in Windows-based PCs by makers including Dell, Gateway, NEC, Samsung, Sony, and Toshiba. An open-source exploit of the flaw has been released by a pair of security researchers so that paid intrusion testers can exploit the weakness.