Bug: Forwarded Acrobat Sign email grants access to others' signature
When the Acrobat Sign email, requesting a signature, is forwarded (not delegated) to a third party, that person can sign the document with the forwarding party's signature.
For example:
- Person A requests a signature from Person B, and Person B receives the Acrobat Sign email asking for a signature.
- Person B forwards this email to Person C.
- Person C follows the link in the forwarded (not delegated) email and opens the document in Adobe Sign.
- In Acrobat Sign, when Person C clicks on the signature field, they see Person B's signature.
- If Person C signs the document and closes Adobe Sign, it will show that Person B signed it.
This is also reflected in the audit report. Although Person C "signed" the document in this case, it is noted in the document that the signature came from Person B.
This appears to be a potential security risk as third parties can gain access to personal signatures.

-
Sky Medical technology limted commented
This is not right. Adobesign claim that it is Part 11, 21 CFR compliance. This is considered as an unauthroised access, making AdobeSign not in compliance anymore.
-
Brian T commented
This is how it works for all esign platforms. If they have access to the link in the email, they can sign it