diff --git a/cake/libs/controller/components/auth.php b/cake/libs/controller/components/auth.php
index e5af3ad53..e6b639821 100644
--- a/cake/libs/controller/components/auth.php
+++ b/cake/libs/controller/components/auth.php
@@ -722,10 +722,7 @@ class AuthComponent extends Object {
 		} elseif (is_array($user) && isset($user[$this->userModel])) {
 			$user = $user[$this->userModel];
 		}
-		$debug = false;
-		if ($debug = Configure::read('debug')) {
-			Configure::write('debug', 0);
-		}
+
 		if (is_array($user) && (isset($user[$this->fields['username']]) || isset($user[$this->userModel . '.' . $this->fields['username']]))) {
 
 			if (isset($user[$this->fields['username']]) && !empty($user[$this->fields['username']])  && !empty($user[$this->fields['password']])) {
@@ -741,8 +738,8 @@ class AuthComponent extends Object {
 					return false;
 				}
 				$find = array(
-					$this->fields['username'] => $user[$this->userModel . '.' . $this->fields['username']],
-					$this->fields['password'] => $user[$this->userModel . '.' . $this->fields['password']]
+					$this->fields['username'] => '= ' . $user[$this->userModel . '.' . $this->fields['username']],
+					$this->fields['password'] => '= ' . $user[$this->userModel . '.' . $this->fields['password']]
 				);
 			} else {
 				return false;
@@ -760,9 +757,7 @@ class AuthComponent extends Object {
 				return null;
 			}
 		}
-		if ($debug) {
-			Configure::write('debug', $debug);
-		}
+
 		if (isset($data) && !empty($data)) {
 			if (!empty($data[$this->userModel][$this->fields['password']])) {
 				unset($data[$this->userModel][$this->fields['password']]);
diff --git a/cake/tests/cases/libs/controller/components/auth.test.php b/cake/tests/cases/libs/controller/components/auth.test.php
index b77771795..7c75f300d 100644
--- a/cake/tests/cases/libs/controller/components/auth.test.php
+++ b/cake/tests/cases/libs/controller/components/auth.test.php
@@ -377,6 +377,44 @@ class AuthTest extends CakeTestCase {
 		$this->Controller->Session->del('Auth');
 	}
 
+	function testInjection() {
+		$this->AuthUser =& new AuthUser();
+		Configure::write('debug', 1);
+		$this->AuthUser->id = 2;
+		$this->AuthUser->saveField('password', Security::hash(Configure::read('Security.salt') . 'cake'));
+
+		$this->Controller->data['AuthUser']['username'] = 'nate';
+		$this->Controller->data['AuthUser']['password'] = 'cake';
+		$this->Controller->params['url']['url'] = 'auth_test/login';
+		$this->Controller->Auth->initialize($this->Controller);
+
+		$this->Controller->Auth->loginAction = 'auth_test/login';
+		$this->Controller->Auth->userModel = 'AuthUser';
+		$this->Controller->Auth->startup($this->Controller);
+		$this->assertTrue(is_array($this->Controller->Auth->user()));
+
+		$this->Controller->Session->del($this->Controller->Auth->sessionKey);
+
+		$this->Controller->data['AuthUser']['username'] = 'nate';
+		$this->Controller->data['AuthUser']['password'] = 'cake1';
+		$this->Controller->params['url']['url'] = 'auth_test/login';
+		$this->Controller->Auth->initialize($this->Controller);
+
+		$this->Controller->Auth->loginAction = 'auth_test/login';
+		$this->Controller->Auth->userModel = 'AuthUser';
+		$this->Controller->Auth->startup($this->Controller);
+		$this->assertTrue(is_null($this->Controller->Auth->user()));
+
+		$this->Controller->Session->del($this->Controller->Auth->sessionKey);
+
+		$this->Controller->data['AuthUser']['username'] = '> n';
+		$this->Controller->data['AuthUser']['password'] = 'cake';
+		$this->Controller->Auth->initialize($this->Controller);
+
+		$this->Controller->Auth->startup($this->Controller);
+		$this->assertTrue(is_null($this->Controller->Auth->user()));
+	}
+
 	function tearDown() {
 		unset($this->Controller, $this->AuthUser);
 	}