diff --git a/ChangeLog b/ChangeLog
index 0cfc75e6c..dc9e8f424 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -54,6 +54,7 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
 - bug #2959746 [interface] Unknown table status: TABLE_TYPE 
 - bug #2953050 [export] export VIEW as SQL includes INSERT statement 
 - bug #2942032 [core] Cannot detect PmaAbsoluteUri correctly on Windows 
+- bug #2961609 [auth] Potential information disclosure at login page
 
 3.3.0.0 (not yet released)
 + rfe #2308632 [edit] Use hex for (var)binary fields,
diff --git a/libraries/auth/cookie.auth.lib.php b/libraries/auth/cookie.auth.lib.php
index bc11abe61..eb54409fc 100644
--- a/libraries/auth/cookie.auth.lib.php
+++ b/libraries/auth/cookie.auth.lib.php
@@ -646,7 +646,6 @@ function PMA_auth_set_user()
  * this function MUST exit/quit the application,
  * currently doen by call to PMA_auth()
  *
- * @todo    $php_errormsg is invalid here!? it will never be set in this scope
  * @uses    $GLOBALS['server']
  * @uses    $GLOBALS['allowDeny_forbidden']
  * @uses    $GLOBALS['strAccessDenied']
@@ -685,9 +684,7 @@ function PMA_auth_fails()
             }
         }
     } elseif (PMA_DBI_getError()) {
-        $conn_error = PMA_sanitize(PMA_DBI_getError());
-    } elseif (isset($php_errormsg)) {
-        $conn_error = $php_errormsg;
+        $conn_error = '#' . $GLOBALS['errno'] . ' ' . $GLOBALS['strCannotLogin']; 
     } else {
         $conn_error = $GLOBALS['strCannotLogin'];
     }