diff --git a/ChangeLog.txt b/ChangeLog.txt
index 9f471d92..8f56cd4f 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,6 +1,8 @@
 Broker:
 - Use constant time memcmp for password comparisons.
 - Fix incorrect PSK key being used if it had leading zeroes.
+- Fix memory leak if a client provided a username/password for a listener with
+ use_identity_as_username configured.
 
 Client library:
 - Fix incorrect PSK key being used if it had leading zeroes.
diff --git a/src/read_handle_server.c b/src/read_handle_server.c
index 6be6a250..a16f2057 100644
--- a/src/read_handle_server.c
+++ b/src/read_handle_server.c
@@ -336,6 +336,12 @@ int mqtt3_handle_connect(struct mosquitto_db *db, struct mosquitto *context)
 
 #ifdef WITH_TLS
 if(context->listener && context->listener->ssl_ctx && context->listener->use_identity_as_username){
+ /* Don't need the username or password if provided */
+ _mosquitto_free(username);
+ username = NULL;
+ _mosquitto_free(password);
+ password = NULL;
+
 if(!context->ssl){
 _mosquitto_send_connack(context, 0, CONNACK_REFUSED_BAD_USERNAME_PASSWORD);
 rc = 1;
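Review bot: The client-supplied password is passed to `_mosquitto_free(password)` without being cleared, so on a use_identity_as_username listener a credential the broker never uses stays readable in freed heap memory. If the buffer is NUL-terminated (it is allocated outside this hunk, so confirm), wiping it before the free, e.g. `if(password) memset(password, 0, strlen(password));`, would limit that exposure; a plain memset directly before a free can be removed by the optimiser, so prefer a non-elidable clear where the platform offers one. Both frees also run when the client sent no credentials, which relies on `_mosquitto_free` accepting NULL; that wrapper is not visible here. The comment could say why the values are dropped, e.g. `/* The TLS identity is used as the username on this listener; discard any username/password sent in CONNECT. */`. mqtt3_handle_connect starts and ends outside the hunk.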