diff --git a/app/models/user.rb b/app/models/user.rb
index a31cb46e9..4a33590f7 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -384,8 +384,8 @@ class User < Principal
   # Find a user account by matching the exact login and then a case-insensitive
   # version.  Exact matches will be given priority.
   def self.find_by_login(login)
+    login = Redmine::CodesetUtil.replace_invalid_utf8(login.to_s)
     if login.present?
-      login = login.to_s
       # First look for an exact match
       user = where(:login => login).detect {|u| u.login == login}
       unless user
diff --git a/test/integration/api_test/authentication_test.rb b/test/integration/api_test/authentication_test.rb
index 016ab11d2..92f7db684 100644
--- a/test/integration/api_test/authentication_test.rb
+++ b/test/integration/api_test/authentication_test.rb
@@ -30,7 +30,7 @@ class Redmine::ApiTest::AuthenticationTest < Redmine::ApiTest::Base
 
   def test_api_should_trigger_basic_http_auth_with_basic_authorization_header
     ApplicationController.any_instance.expects(:authenticate_with_http_basic).once
-    get '/users/current.xml', {}, credentials('admin')
+    get '/users/current.xml', {}, credentials('jsmith')
   end
 
   def test_api_should_not_trigger_basic_http_auth_with_non_basic_authorization_header
@@ -38,6 +38,12 @@ class Redmine::ApiTest::AuthenticationTest < Redmine::ApiTest::Base
     get '/users/current.xml', {}, 'HTTP_AUTHORIZATION' => 'Digest foo bar'
   end
 
+  def test_invalid_utf8_credentials_should_not_trigger_an_error
+    assert_nothing_raised do
+      get '/users/current.xml', {}, credentials("\x82", "foo")
+    end
+  end
+
   def test_api_request_should_not_use_user_session
     log_user('jsmith', 'jsmith')