diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/LoginServlet.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/LoginServlet.java
index 927031daa00b3c59c117b859cbc4d156fe16520e..70997ec47ab956e32b894587783ba0719a772f68 100755
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/LoginServlet.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/LoginServlet.java
@@ -135,9 +135,10 @@ public class LoginServlet extends HttpServlet
         catch (AccessControlException e)
         {
             log.debug(e.getMessage(), e);
-            logInfo.setMessage(e.getMessage());
+            String message = "Invalid credentials";
+            logInfo.setMessage(message);
     	    response.setContentType(CONTENT_TYPE);
-            response.getWriter().write(e.getMessage());
+            response.getWriter().write(message);
             response.setStatus(401);
         }
         catch (Throwable t)