diff --git a/src/Client.cpp b/src/Client.cpp
index c21925c4..01195b50 100644
--- a/src/Client.cpp
+++ b/src/Client.cpp
@@ -200,7 +200,7 @@ void CClient::ReadLine(const CString& sData) {
             }
 
             m_bGotUser = true;
-            if (m_bGotPass) {
+            if (m_bGotPass || !m_sSASLUser.empty()) {
                 AuthUser();
             } else if (!m_bInCap) {
                 SendRequiredPasswordNotice();
diff --git a/test/integration/tests/modules.cpp b/test/integration/tests/modules.cpp
index f7c88a7d..53ad1f2d 100644
--- a/test/integration/tests/modules.cpp
+++ b/test/integration/tests/modules.cpp
@@ -16,6 +16,7 @@
 
 #include <gmock/gmock.h>
 #include <gtest/gtest.h>
+#include <qstringview.h>
 
 #include "znctest.h"
 
@@ -480,6 +481,24 @@ TEST_F(ZNCTest, SaslAuthPlainImapAuth) {
     client2.ReadUntil(":irc.znc.in 903 foo :SASL authentication successful");
 }
 
+TEST_F(ZNCTest, SaslAuthUserAfterCapEnd) {
+    // kvirc sends this
+    auto znc = Run();
+    auto ircd = ConnectIRCd();
+    auto client = ConnectClient();
+    client.Write("CAP LS");
+    client.Write("PING :::1");
+    client.Write("CAP REQ :sasl");
+    client.Write("AUTHENTICATE PLAIN");
+    client.Write("AUTHENTICATE " +
+                 QByteArrayLiteral("\0user\0hunter2").toBase64());
+    client.Write("CAP END");
+    client.ReadUntil("903 unknown-nick :SASL authentication successful");
+    client.Write("NICK nick");
+    client.Write("USER user 0 1 :2");
+    client.ReadUntil("001");
+}
+
 TEST_F(ZNCTest, SaslAuthAbort) {
     auto znc = Run();
     auto ircd = ConnectIRCd();