This is pretty jarring. Lenovo has confirmed that its in-house authentication software Fingerprint Manager Pro (version 8.01.86), which lets users unlock their devices using fingerprint recognition, was affected by a severe vulnerability that attackers could exploit to access any system equipped with the app.

As per Lenovo’s disclosure, Fingerprint Manager contained a hard-coded password that made it accessible to all users with local non-administrative access. In addition to this, it stored sensitive information like Windows logon credentials and fingerprint data which were “encrypted using a weak algorithm.”

“Sensitive data stored by Lenovo Fingerprint Manager Pro, including users’ Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system it is installed in,” the report read.

The flaw was discovered by researcher Jackson Thuraisamy from Security Compass.

For those unfamiliar, Fingerprint Manager allowed users with fingerprint-enabled Lenovo devices to log in using their fingers.

The faulty software is available for Windows 7, 8 and 8.1. According to details posted on the company’s website, this is the full list of devices compatible with Fingerprint Manager:

ThinkPad L560

ThinkPad P40 Yoga, P50s

ThinkPad T440, T440p, T440s, T450, T450s, T460, T540p, T550, T560

ThinkPad W540, W541, W550s

ThinkPad X1 Carbon (Type 20A7, 20A8), X1 Carbon (Type 20BS, 20BT)

ThinkPad X240, X240s, X250, X260

ThinkPad Yoga 14 (20FY), Yoga 460

ThinkCentre M73, M73z, M78, M79, M83, M93, M93p, M93z

ThinkStation E32, P300, P500, P700, P900

Users running an affected iteration of the authentication app are advised to immediately update to version 8.01.87 or later.

The security blunder is not the first on the company’s record. Back in 2015, Lenovo got its website hacked – a week after it was caught secretly loading adware on new computers.
