Unauthorized Users May Be Able to View a List of Security Tags.

November 29, 2004 | KB: 1000749
Server (MSDE) 7, Server (MSSQL) 7

Summary

A user can see the existence of security tags if another user who is authorized to see those tags is logged in when the unauthorized user logs in.

While the unauthorized user can view the list of tags, documents with security tags are still secure. If the user is not assigned the corresponding security tag, he/she still cannot see the existence of any secured documents.

In addition, while the unauthorized user can view the list of tags, he/she cannot administer or assign those security tags to other documents.

Resolution

To resolve this issue, please upgrade to Laserfiche version 7.0.2.

More Information

Steps to recreate the issue:

  1. Log in as any user that has been granted security tags.
  2. From any workstation, log in as an unauthorized user. The unauthorized user will be able to view a list of security tags for the duration of the session.

Note: This issue does not affect repositories using Oracle.