A SAML vulnerability was found and disclosed by Duo Security on 27 February 2018. The vulnerability is an attack on a weakness in the XML interpreter in use by a SAML Service Provider (SP). There are two parties of great interest in any SAML exchange - the Service Provider and the Identity Provider (IP). Kaseya’s AuthAnvil functions as an Identity Provider when launching workflow applications from its Launchpad page. Since this particular attack can only be used in modifying the response from the IP to the SP, AuthAnvil is not subject to this vulnerability. AuthAnvil does not act as a Service Provider, and is therefore not vulnerable to attacks against the Service Provider.
In addition, AuthAnvil does not use the XML and SAML libraries discussed in the vulnerability announcement.
We continue to keep abreast of information such as this in order to ensure that we do not in future become vulnerable to similar or related attacks.
Senior Product Manager, AuthAnvil