diff --git a/server/modules/protocol/mysql_common.c b/server/modules/protocol/mysql_common.c
index 9b138360a..fcf254d64 100644
--- a/server/modules/protocol/mysql_common.c
+++ b/server/modules/protocol/mysql_common.c
@@ -46,6 +46,9 @@
 #include
 #include
+/* The following can be compared using memcmp to detect a null password */
+uint8_t null_client_sha1[MYSQL_SCRAMBLE_LEN]="";
+
 /** Defined in log_manager.cc */
 extern int lm_enabled_logfiles_bitmask;
 extern size_t log_ses_count[];
@@ -577,7 +580,7 @@ int gw_send_authentication_to_backend(
 if (strlen(dbname))
 curr_db = dbname;
- if (strlen((char *)passwd))
+ if (memcmp(passwd, null_client_sha1, MYSQL_SCRAMBLE_LEN))
 curr_passwd = passwd;
 dcb = conn->owner_dcb;
@@ -1122,7 +1125,7 @@ GWBUF* gw_create_change_user_packet(
 curr_db = db;
 }
- if (strlen((char *)pwd) > 0)
+ if (memcmp(pwd, null_client_sha1, MYSQL_SCRAMBLE_LEN))
 {
 curr_passwd = pwd;
 }
@@ -1358,12 +1361,7 @@ int gw_check_mysql_scramble_data(DCB *dcb, uint8_t *token, unsigned int token_le
 gw_bin2hex(hex_double_sha1, password, SHA_DIGEST_LENGTH);
 } else {
 /* check if the password is not set in the user table */
- if (!strlen((char *)password)) {
- /* Username without password */
- return 0;
- } else {
- return 1;
- }
+ return memcmp(password, null_client_sha1, MYSQL_SCRAMBLE_LEN) ? 1 : 0;
 }
 /*<
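Review bot: `null_client_sha1`, added near the top of mysql_common.c in the first hunk, is a writable global with external linkage, yet the three memcmp checks added further down rely on it staying all-zero to decide whether a password is set. A stray write anywhere in the process would silently change those authentication decisions, so I would make it read-only: `const uint8_t null_client_sha1[MYSQL_SCRAMBLE_LEN] = {0};`. The `{0}` initializer also states the intent more directly than `=""`. If other protocol files are meant to use it, as the comment suggests, a matching `extern const` declaration belongs in a shared header that this diff does not show; otherwise mark it `static`.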
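Review bot: The new `memcmp(passwd, null_client_sha1, MYSQL_SCRAMBLE_LEN)` in gw_send_authentication_to_backend always reads MYSQL_SCRAMBLE_LEN bytes from `passwd`, where the old strlen() stopped at the first zero byte, so any caller that passes a shorter buffer (an empty string for "no password", for example) would now cause an out-of-bounds read. The same applies to `pwd` in gw_create_change_user_packet and to `password` in gw_check_mysql_scramble_data. None of the buffer declarations are visible here, since all three functions start and end outside their hunks, so the callers need checking and the size requirement should be documented at each parameter, e.g. `/* passwd: SHA1 of the client password, exactly MYSQL_SCRAMBLE_LEN bytes; all zero means no password */`. Writing the condition as `memcmp(...) != 0` would also make the "password is set" meaning explicit.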