diff --git a/modules/m_sasl.c b/modules/m_sasl.c
index 38c7baeb3..93c5a0412 100644
--- a/modules/m_sasl.c
+++ b/modules/m_sasl.c
@@ -91,6 +91,12 @@ m_authenticate(struct Client *client_p, struct Client *source_p,
 		return 0;
 	}
 
+	if (*parv[1] == ':' || strchr(parv[1], ' '))
+	{
+		exit_client(client_p, client_p, client_p, "Malformed AUTHENTICATE");
+		return 0;
+	}
+
 	saslserv_p = find_named_client(ConfigFileEntry.sasl_service);
 	if (saslserv_p == NULL || !IsService(saslserv_p))
 	{