Apache · Mod Auth Shadow · CVE-2005-2963
**Name of the Vulnerable Software and Affected Versions**
mod auth shadow module versions 1.0 through 1.5 and version 2.0
**Description**
The issue allows remote authenticated users to bypass security restrictions due to the mod auth shadow module using shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified.
**Recommendations**
For mod auth shadow module versions 1.0 through 1.5 and version 2.0, consider disabling the AuthShadow feature until a patch is available to prevent the bypassing of security restrictions.