diff --git a/mysql-test/include/have_unix_socket.inc b/mysql-test/include/have_unix_socket.inc
new file mode 100644
index 00000000000..6e4c3b9826b
--- /dev/null
+++ b/mysql-test/include/have_unix_socket.inc
@@ -0,0 +1,10 @@
+--source include/not_embedded.inc
+
+if (!$AUTH_SOCKET_SO) {
+  skip No unix_socket plugin;
+}
+
+if (!$USER) {
+  skip USER variable is undefined;
+}
+
diff --git a/mysql-test/r/failed_auth_unixsocket.result b/mysql-test/r/failed_auth_unixsocket.result
new file mode 100644
index 00000000000..7e2499795cb
--- /dev/null
+++ b/mysql-test/r/failed_auth_unixsocket.result
@@ -0,0 +1,12 @@
+update mysql.user set plugin='unix_socket';
+flush privileges;
+connect(localhost,USER,,test,MASTER_PORT,MASTER_SOCKET);
+ERROR HY000: Plugin 'unix_socket' is not loaded
+ERROR HY000: Plugin 'unix_socket' is not loaded
+install plugin unix_socket soname 'auth_socket.so';
+connect(localhost,USER,,test,MASTER_PORT,MASTER_SOCKET);
+ERROR 28000: Access denied for user 'USER'@'localhost' (using password: NO)
+ERROR 28000: Access denied for user 'USER'@'localhost' (using password: NO)
+update mysql.user set plugin='';
+flush privileges;
+uninstall plugin unix_socket;
diff --git a/mysql-test/suite/plugins/t/unix_socket.test b/mysql-test/suite/plugins/t/unix_socket.test
index fc2e6c5b3c6..3ce1d0323fb 100644
--- a/mysql-test/suite/plugins/t/unix_socket.test
+++ b/mysql-test/suite/plugins/t/unix_socket.test
@@ -1,8 +1,4 @@
---source include/not_embedded.inc
-
-if (!$AUTH_SOCKET_SO) {
-  skip No auth_socket plugin;
-}
+--source include/have_unix_socket.inc
 
 let $plugindir=`SELECT @@global.plugin_dir`;
 
diff --git a/mysql-test/t/failed_auth_unixsocket.test b/mysql-test/t/failed_auth_unixsocket.test
new file mode 100644
index 00000000000..36649312a00
--- /dev/null
+++ b/mysql-test/t/failed_auth_unixsocket.test
@@ -0,0 +1,29 @@
+--source include/have_unix_socket.inc
+
+#
+# MDEV-3909 remote user enumeration
+# unix_socket tests
+#
+update mysql.user set plugin='unix_socket';
+flush privileges;
+
+--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT $USER USER
+--error ER_PLUGIN_IS_NOT_LOADED
+connect (fail,localhost,$USER);
+
+--error ER_PLUGIN_IS_NOT_LOADED
+change_user $USER;
+
+eval install plugin unix_socket soname '$AUTH_SOCKET_SO';
+
+--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT $USER USER
+--error ER_ACCESS_DENIED_ERROR
+connect (fail,localhost,$USER);
+
+--error ER_ACCESS_DENIED_ERROR
+change_user $USER;
+
+update mysql.user set plugin='';
+flush privileges;
+uninstall plugin unix_socket;
+
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index c59c2296111..afee9cb5e15 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -8193,7 +8193,12 @@ bool acl_authenticate(THD *thd, uint connect_errors,
     auth_plugin_name= &mpvio.acl_user->plugin;
     res= do_auth_once(thd, auth_plugin_name, &mpvio);
   }
-
+  if (mpvio.make_it_fail)
+  {
+    mpvio.status= MPVIO_EXT::FAILURE;
+    res= CR_ERROR;
+  }
+ 
   Security_context *sctx= thd->security_ctx;
   ACL_USER *acl_user= mpvio.acl_user;