diff --git a/CHANGELOG b/CHANGELOG
index f12ec2d58..3f5870355 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,9 @@
 # Nmap Changelog ($Id$); -*-text-*-
 
+o [NSE] Applied patch from Daniel Miller that fixes a bug in http-form-brute
+  reported by Josh Greenwood. The script would break if autodetection of
+  either brute form fields would fail.
+
 o [NSE] Added a SIP library and two new scripts sip-brute.nse and
   sip-user-enum.nse providing brute and user enumeration support for the SIP
   protocol. [Patrik]
diff --git a/scripts/http-form-brute.nse b/scripts/http-form-brute.nse
index 75e2dd569..32c4929d9 100644
--- a/scripts/http-form-brute.nse
+++ b/scripts/http-form-brute.nse
@@ -132,10 +132,14 @@ action = function( host, port )
 	local uservar = nmap.registry.args['http-form-brute.uservar']
 	local passvar = nmap.registry.args['http-form-brute.passvar']
   	local path = nmap.registry.args['http-form-brute.path'] or "/"
-	local status, result, engine
+	local status, result, engine, _
 
-	if ( not(uservar) or not(passvar) ) then
+	if ( not(uservar) and not(passvar) ) then
 		uservar, passvar = detectFormFields( host, port, path )
+	elseif ( not(uservar) ) then
+		uservar, _ = detectFormFields( host, port, path )
+	elseif ( not(passvar) ) then
+		_, passvar = detectFormFields( host, port, path )
 	end
 	if ( not( uservar ) ) then
 		return "  \n  ERROR: No uservar was specified (see http-form-brute.uservar)"