diff --git a/server/modules/protocol/MySQL/mariadbbackend/mysql_backend.cc b/server/modules/protocol/MySQL/mariadbbackend/mysql_backend.cc
index e23890ff5..3362a022a 100644
--- a/server/modules/protocol/MySQL/mariadbbackend/mysql_backend.cc
+++ b/server/modules/protocol/MySQL/mariadbbackend/mysql_backend.cc
@@ -1416,6 +1416,10 @@ static int gw_backend_close(DCB* dcb)
 {
 MYSQL_session client;
 gw_get_shared_session_auth_info(dcb, &client);
+
+ // Don't use the actual client SHA1. This prevents the password from being used with the constant
+ // null scramble we use in these cases.
+ memset(client.client_sha1, 0, sizeof(client.client_sha1));
 memset(proto->scramble, 0, sizeof(proto->scramble));
 dcb_write(dcb, gw_generate_auth_response(&client, proto, false, false, 0));
 }
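Review bot: The added `memset(client.client_sha1, 0, sizeof(client.client_sha1));` depends on how `gw_generate_auth_response()` handles an all-zero SHA1, and that function is outside this hunk, so the new comment gives the motive but not what the backend actually receives. If the callee is meant to emit an empty auth token for a zeroed hash, the comment should say so, for example `// A zeroed client_sha1 is expected to yield a response with no password-derived token.`, so a reader can confirm that nothing computed from the real password is ever paired with the fixed scramble. Separately, `client` is declared without an initializer and the result of `gw_get_shared_session_auth_info(dcb, &client)` is not checked in the visible lines; if that call can fail, every field other than `client_sha1` reaches the response builder uninitialized, which `MYSQL_session client = {};` would avoid. The block shown sits inside `gw_backend_close`, whose body starts and ends outside the hunk.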