diff --git a/mysql-test/main/set_password.result b/mysql-test/main/set_password.result
index 6a4e0da937e..a3d8683ee64 100644
--- a/mysql-test/main/set_password.result
+++ b/mysql-test/main/set_password.result
@@ -11,9 +11,11 @@ create user oldauth@localhost identified with 'mysql_old_password' using '378b24
 create user oldpass@localhost identified by password '378b243e220ca493';
 create user oldpassold@localhost identified with 'mysql_old_password';
 set password for oldpassold@localhost = '378b243e220ca493';
+create user invalidmysql57auth@localhost identified via 'mysql_native_password' using '*THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE';
 select user, host, password, plugin, authentication_string from mysql.user where user != 'root';
 User	Host	Password	plugin	authentication_string
 invalidauth	localhost	invalid	mysql_native_password	invalid
+invalidmysql57auth	localhost	*THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE	mysql_native_password	*THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE
 invalidpass	localhost	invalid	mysql_native_password	invalid
 invalidpassnat	localhost	invalid	mysql_native_password	invalid
 mariadb.sys	localhost		mysql_native_password	
@@ -95,6 +97,7 @@ set password for oldpassold@localhost = PASSWORD('test2');
 select user, host, password, plugin, authentication_string from mysql.user where user != 'root';
 User	Host	Password	plugin	authentication_string
 invalidauth	localhost	invalid	mysql_native_password	invalid
+invalidmysql57auth	localhost	*THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE	mysql_native_password	*THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE
 invalidpass	localhost	invalid	mysql_native_password	invalid
 invalidpassnat	localhost	invalid	mysql_native_password	invalid
 mariadb.sys	localhost		mysql_native_password	
@@ -160,6 +163,9 @@ ERROR 28000: Access denied for user 'invalidpass'@'localhost' (using password: Y
 connect(localhost,invalidpassnat,invalid,test,MASTER_PORT,MASTER_SOCKET);
 connect con,localhost,invalidpassnat,invalid,;
 ERROR 28000: Access denied for user 'invalidpassnat'@'localhost' (using password: YES)
+connect(localhost,invalidmysql57auth,invalid,test,MASTER_PORT,MASTER_SOCKET);
+connect con,localhost,invalidmysql57auth,invalid,;
+ERROR 28000: Access denied for user 'invalidmysql57auth'@'localhost' (using password: YES)
 connect con,localhost,oldauth,test2,;
 select current_user();
 current_user()
@@ -177,7 +183,7 @@ oldpassold@localhost
 disconnect con;
 connection default;
 drop user natauth@localhost, newpass@localhost, newpassnat@localhost;
-drop user invalidauth@localhost, invalidpass@localhost, invalidpassnat@localhost;
+drop user invalidauth@localhost, invalidpass@localhost, invalidpassnat@localhost,invalidmysql57auth@localhost;
 drop user oldauth@localhost, oldpass@localhost, oldpassold@localhost;
 set global secure_auth=default;
 # switching from mysql.global_priv to mysql.user
diff --git a/mysql-test/main/set_password.test b/mysql-test/main/set_password.test
index dd5e261346b..ec652a09274 100644
--- a/mysql-test/main/set_password.test
+++ b/mysql-test/main/set_password.test
@@ -31,6 +31,8 @@ create user oldpass@localhost identified by password '378b243e220ca493';
 create user oldpassold@localhost identified with 'mysql_old_password';
 set password for oldpassold@localhost = '378b243e220ca493';
 
+create user invalidmysql57auth@localhost identified via 'mysql_native_password' using '*THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE';
+
 --sorted_result
 select user, host, password, plugin, authentication_string from mysql.user where user != 'root';
 
@@ -131,6 +133,9 @@ select current_user();
 --replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
 --error ER_ACCESS_DENIED_ERROR
 --connect(con,localhost,invalidpassnat,invalid,)
+--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT
+--error ER_ACCESS_DENIED_ERROR
+--connect(con,localhost,invalidmysql57auth,invalid,)
 
 --connect(con,localhost,oldauth,test2,)
 select current_user();
@@ -144,7 +149,7 @@ select current_user();
 
 --connection default
 drop user natauth@localhost, newpass@localhost, newpassnat@localhost;
-drop user invalidauth@localhost, invalidpass@localhost, invalidpassnat@localhost;
+drop user invalidauth@localhost, invalidpass@localhost, invalidpassnat@localhost,invalidmysql57auth@localhost;
 drop user oldauth@localhost, oldpass@localhost, oldpassold@localhost;
 set global secure_auth=default;
 
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index 08d747b9743..cb2757ba48f 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -14203,6 +14203,7 @@ static int native_password_get_salt(const char *hash, size_t hash_length,
 {
   DBUG_ASSERT(sizeof(invalid_password) > SCRAMBLE_LENGTH);
   DBUG_ASSERT(*out_length >= SCRAMBLE_LENGTH);
+  DBUG_ASSERT(*out_length >= sizeof(invalid_password));
   if (hash_length == 0)
   {
     *out_length= 0;
@@ -14213,14 +14214,27 @@ static int native_password_get_salt(const char *hash, size_t hash_length,
   {
     if (hash_length == 7 && strcmp(hash, "invalid") == 0)
     {
-      memcpy(out, invalid_password, SCRAMBLED_PASSWORD_CHAR_LENGTH);
-      *out_length= SCRAMBLED_PASSWORD_CHAR_LENGTH;
+      memcpy(out, invalid_password, sizeof(invalid_password));
+      *out_length= sizeof(invalid_password);
       return 0;
     }
     my_error(ER_PASSWD_LENGTH, MYF(0), SCRAMBLED_PASSWORD_CHAR_LENGTH);
     return 1;
   }
 
+  for (const char *c= hash + 1; c < (hash + hash_length); c++)
+  {
+    /* If any non-hex characters are found, mark the password as invalid. */
+    if (!(*c >= '0' && *c <= '9') &&
+        !(*c >= 'A' && *c <= 'F') &&
+        !(*c >= 'a' && *c <= 'f'))
+    {
+      memcpy(out, invalid_password, sizeof(invalid_password));
+      *out_length= sizeof(invalid_password);
+      return 0;
+    }
+  }
+
   *out_length= SCRAMBLE_LENGTH;
   get_salt_from_password(out, hash);
   return 0;