diff --git a/src/server.c b/src/server.c
index 7882b0d99..2bdfd1640 100644
--- a/src/server.c
+++ b/src/server.c
@@ -3341,9 +3341,10 @@ int processCommand(client *c) {
 
     /* Check if the user is authenticated. This check is skipped in case
      * the default user is flagged as "nopass" and is active. */
-    int auth_required = !(DefaultUser->flags & USER_FLAG_NOPASS) &&
+    int auth_required = (!(DefaultUser->flags & USER_FLAG_NOPASS) ||
+                           DefaultUser->flags & USER_FLAG_DISABLED) &&
                         !c->authenticated;
-    if (auth_required || DefaultUser->flags & USER_FLAG_DISABLED) {
+    if (auth_required) {
         /* AUTH and HELLO are valid even in non authenticated state. */
         if (c->cmd->proc != authCommand || c->cmd->proc == helloCommand) {
             flagTransaction(c);