diff --git a/ncat/ncat_connect.c b/ncat/ncat_connect.c
index ffb107462..7146f9c50 100644
--- a/ncat/ncat_connect.c
+++ b/ncat/ncat_connect.c
@@ -399,12 +399,13 @@ static char *http_connect_request_auth(char* host_str, unsigned short port, int
 
         /* Split up the proxy auth argument. */
         proxy_auth = Strdup(o.proxy_auth);
-        username = strtok(proxy_auth, ":");
-        password = strtok(NULL, ":");
+        username = proxy_auth;
+        password = strchr(proxy_auth, ':');
         if (password == NULL) {
             free(proxy_auth);
             return NULL;
         }
+        *password++ = '\0';
         response_hdr = http_digest_proxy_authorization(challenge,
             username, password, "CONNECT", sock_to_url(o.target,o.portno));
         if (response_hdr == NULL) {
diff --git a/ncat/ncat_proxy.c b/ncat/ncat_proxy.c
index 8db709fdd..a17f25f7d 100644
--- a/ncat/ncat_proxy.c
+++ b/ncat/ncat_proxy.c
@@ -888,12 +888,13 @@ static int check_auth(const struct http_request *request,
 
         /* Split up the proxy auth argument. */
         proxy_auth = Strdup(o.proxy_auth);
-        username = strtok(proxy_auth, ":");
-        password = strtok(NULL, ":");
+        username = proxy_auth;
+        password = strchr(proxy_auth, ':');
         if (password == NULL) {
             free(proxy_auth);
             return 0;
         }
+        *password++ = '\0';
         ret = http_digest_check_credentials(username, "Ncat", password,
             request->method, credentials);
         free(proxy_auth);