=== modified file 'sql/sql_acl.cc'
--- sql/sql_acl.cc	2013-08-28 05:49:53 +0000
+++ sql/sql_acl.cc	2013-10-28 21:48:27 +0000
@@ -9354,13 +9354,23 @@
   THD *thd=mpvio->thd;
   DBUG_ENTER("native_password_authenticate");
 
+  bool scramble_generated = false;
+
   /* generate the scramble, or reuse the old one */
   if (thd->scramble[SCRAMBLE_LENGTH])
   {
     create_random_string(thd->scramble, SCRAMBLE_LENGTH, &thd->rand);
-    /* and send it to the client */
-    if (mpvio->write_packet(mpvio, (uchar*)thd->scramble, SCRAMBLE_LENGTH + 1))
-      DBUG_RETURN(CR_ERROR);
+    scramble_generated= true;
+  }
+
+  /*
+    We need to send the scramble if it is new (i.e. fresh connection), or if we received a CHANGE USER command without a password.
+    Otherwise, we must not send it.
+   */
+  if(!(thd->password) || scramble_generated){
+	/* and send it to the client */
+	if (mpvio->write_packet(mpvio, (uchar*)thd->scramble, SCRAMBLE_LENGTH + 1))
+	  DBUG_RETURN(CR_ERROR);
   }
 
   /* reply and authenticate */
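Review bot: In the `!(thd->password)` case the value passed to `mpvio->write_packet(...)` is the scramble already held in `thd->scramble`, so the client is challenged again with a value that was presumably used earlier on the same connection. A challenge is normally single-use; if the protocol allows a new one at this point, generating it whenever it is sent would also make the `scramble_generated` flag unnecessary, e.g. `if (thd->scramble[SCRAMBLE_LENGTH] || !thd->password)` around both the `create_random_string` call and the send. If reuse is intended, the added comment should say why it is safe and what `thd->password` holds, since that field is set outside this hunk. The new `if(...){` line and its tab-indented body also depart from the brace placement and two-space indent of the surrounding lines. The body of native_password_authenticate starts and ends outside the hunk.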

