diff --git a/CHANGELOG b/CHANGELOG
index b8341d233..2bceb2d70 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,9 @@
 # Nmap Changelog ($Id$); -*-text-*-
+o [Ncat] Fixed SOCKS5 username/password authentication. The password length was
+ being written in the wrong place, so authentication could not succeed.
+ Reported with patch by Pierluigi Vittori.
+
 o [NSE] Add s7-info script to get device information from Siemens PLCs via the S7 service, tunnelled over ISO-TSAP on TCP port 102. [Stephen Hilt]
diff --git a/ncat/ncat_connect.c b/ncat/ncat_connect.c
index 1a473cabd..4a8a084d0 100644
--- a/ncat/ncat_connect.c
+++ b/ncat/ncat_connect.c
@@ -723,7 +723,7 @@ static int do_proxy_socks5(void)
 memcpy(socks5auth.data+1,username,strlen(username));
 len = 2 + strlen(username); // (version + strlen) + username
- socks5auth.data[len]=strlen(password);
+ socks5auth.data[len-1]=strlen(password);
 memcpy(socks5auth.data+len,password,strlen(password));
 len += 1 + strlen(password);
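Review bot: Nothing visible in the ncat_connect.c hunk bounds `strlen(username)` or `strlen(password)` before each is stored into a single byte of `socks5auth.data` and reused as a `memcpy` length. SOCKS5 username/password authentication carries each length in one octet, so a value longer than 255 bytes would be truncated in the length byte while the copy still writes the whole string, which could run past `socks5auth.data` if that buffer is sized for the protocol maximum (its declaration is outside the hunk). Unless `do_proxy_socks5` already rejects such input before this point, guard the copies with `if (strlen(username) > 255 || strlen(password) > 255)` followed by the function's existing error exit. The corrected index appears to work because `len` counts the version byte that precedes `data[]`, so a comment such as `// len includes the version byte, which is not part of data[]; PLEN therefore sits at data[len-1]` would keep the next reader from reintroducing the off-by-one. The function body starts and ends outside the hunk.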