Palo Alto said that a fix was pushed out in a software update, but enterprises can also switch off SAML — a way of letting a user log in to the network — to mitigate the flaw.