diff --git a/src/controllers/authentication.js b/src/controllers/authentication.js
index 739632b6c4..5dd4d62efe 100644
--- a/src/controllers/authentication.js
+++ b/src/controllers/authentication.js
@@ -397,6 +397,7 @@ authenticationController.localLogin = function (req, username, password, next) {
 			uid = _uid;
 
 			async.parallel({
+				userData: async.apply(db.getObjectFields, 'user:' + uid, ['passwordExpiry']),
 				isAdminOrGlobalMod: function (next) {
 					user.isAdminOrGlobalMod(uid, next);
 				},
@@ -406,10 +407,10 @@ authenticationController.localLogin = function (req, username, password, next) {
 			}, next);
 		},
 		function (result, next) {
-			userData = {
+			userData = Object.assign(result.userData, {
 				uid: uid,
 				isAdminOrGlobalMod: result.isAdminOrGlobalMod,
-			};
+			});
 
 			if (!result.isAdminOrGlobalMod && parseInt(meta.config.allowLocalLogin, 10) === 0) {
 				return next(new Error('[[error:local-login-disabled]]'));
diff --git a/src/user/password.js b/src/user/password.js
index b5b884774d..78dc61cec4 100644
--- a/src/user/password.js
+++ b/src/user/password.js
@@ -24,8 +24,11 @@ module.exports = function (User) {
 			},
 			function (_hashedPassword, next) {
 				hashedPassword = _hashedPassword;
-				if (!hashedPassword) {
+				if (uid && !hashedPassword) {
 					return callback(null, true);
+				} else if (!hashedPassword) {
+					// Non-existant user, submit fake hash for comparison
+					hashedPassword = '';
 				}
 
 				User.isPasswordValid(password, 0, next);