diff --git a/lib/bundler/fetcher/compact_index.rb b/lib/bundler/fetcher/compact_index.rb
index f9db920c32..d3160251cb 100644
--- a/lib/bundler/fetcher/compact_index.rb
+++ b/lib/bundler/fetcher/compact_index.rb
@@ -15,7 +15,7 @@ module Bundler
           method.bind(self).call(*args, &blk)
         rescue NetworkDownError, CompactIndexClient::Updater::MisMatchedChecksumError => e
           raise HTTPError, e.message
-        rescue AuthenticationRequiredError
+        rescue AuthenticationRequiredError, BadAuthenticationError
           # Fail since we got a 401 from the server.
           raise
         rescue HTTPError => e
diff --git a/spec/bundler/install/gems/compact_index_spec.rb b/spec/bundler/install/gems/compact_index_spec.rb
index f0717de36d..1d193a0f20 100644
--- a/spec/bundler/install/gems/compact_index_spec.rb
+++ b/spec/bundler/install/gems/compact_index_spec.rb
@@ -683,6 +683,15 @@ The checksum of /versions does not match the checksum provided by the server! So
         bundle :install, :artifice => "compact_index_strict_basic_authentication", :raise_on_error => false
         expect(err).to include("Bad username or password")
       end
+
+      it "does not fallback to old dependency API if bad authentication is provided" do
+        bundle "config set #{source_hostname} #{user}:wrong"
+
+        bundle :install, :artifice => "compact_index_strict_basic_authentication", :raise_on_error => false, :verbose => true
+        expect(err).to include("Bad username or password")
+        expect(out).to include("HTTP 401 Unauthorized http://user@localgemserver.test/versions")
+        expect(out).not_to include("HTTP 401 Unauthorized http://user@localgemserver.test/api/v1/dependencies")
+      end
     end
 
     describe "with no password" do