Description
Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors.
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
https://support.lenovo.com/us/en/product_security/ts_bios_pw
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/74198
Scores
EPSS
0.0018
EPSS Percentile
39.3%
Details
CWE
CWE-310
Status
published
Products (10)
lenovo/thinkserver_rd350
lenovo/thinkserver_rd350_firmware
< 1.25.0
lenovo/thinkserver_rd450
lenovo/thinkserver_rd450_firmware
< 1.25.0
lenovo/thinkserver_rd550
lenovo/thinkserver_rd550_firmware
< 1.25.0
lenovo/thinkserver_rd650
lenovo/thinkserver_rd650_firmware
< 1.25.0
lenovo/thinkserver_td350
lenovo/thinkserver_td350_firmware
< 1.25.0
Published
Apr 16, 2015
Tracked Since
Feb 18, 2026