diff --git a/src/endpoints_handlers/AuthLoginExecutor.h b/src/endpoints_handlers/AuthLoginExecutor.h
index ff2a10b..d49e35e 100644
--- a/src/endpoints_handlers/AuthLoginExecutor.h
+++ b/src/endpoints_handlers/AuthLoginExecutor.h
@@ -66,7 +66,7 @@ public:
 const std::optional maybe_user = user_dao_->GetByLogin(login);
- if (!maybe_user.has_value() && maybe_user.value().hashed_password != HashPassword(password))
+ if (!maybe_user.has_value() || maybe_user.value().hashed_password != HashPassword(password))
 {
 BOOST_LOG_TRIVIAL(info) << "POST /api/v1/Auth/Login - Response 403: Incorrect login or password";
 throw session_exception(http::status::forbidden,"Incorrect login or password");
diff --git a/tests/endpoint_handlers/AuthLoginExecutor_TEST.cpp b/tests/endpoint_handlers/AuthLoginExecutor_TEST.cpp
index 07090d1..81bf6d4 100644
--- a/tests/endpoint_handlers/AuthLoginExecutor_TEST.cpp
+++ b/tests/endpoint_handlers/AuthLoginExecutor_TEST.cpp
@@ -31,7 +31,7 @@ using RouteAuthLoginExecutor = AuthLoginExecutor>>;
-BOOST_AUTO_TEST_CASE(AuthRegistrationExecutor_Invalid_Login_Data)
+BOOST_AUTO_TEST_CASE(AuthRegistrationExecutor_Cannot_Serialize_JSON)
 {
 auto& argv = boost::unit_test::framework::master_test_suite().argv;
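Review bot: In AuthLoginExecutor.h the corrected `if` still skips `HashPassword(password)` whenever `GetByLogin` returns no user, because `||` short-circuits, so a request for an unknown login does less work than one for a known login and the two can be told apart by response time even though the 403 text is identical. Computing the hash before the branch, `const auto candidate_hash = HashPassword(password);`, and comparing `candidate_hash` inside the condition evens that out; the `!=` on the stored hash would also be better as a constant-time comparison. `HashPassword` takes only the password, which suggests an unsalted hash, but its body is not on this page, so that needs confirming. The enclosing method starts and ends outside the hunk.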
@@ -59,3 +59,37 @@ BOOST_AUTO_TEST_CASE(AuthRegistrationExecutor_Invalid_Login_Data)
 mysql_session->close();
 delete mysql_session;
 }
+
+BOOST_AUTO_TEST_CASE(AuthRegistrationExecutor_Invalid_Login_Data)
+{
+ auto& argv = boost::unit_test::framework::master_test_suite().argv;
+
+ const std::string mysql_credentials = argv[1];
+
+ mysqlx::Session* mysql_session = new mysqlx::Session(mysql_credentials);
+
+ uad::SetMySqlSession(mysql_session);
+
+ auto user_dao = make_shared(GetMySqlSession());
+ auto auth_dao = make_shared(GetMySqlSession());
+ auto executor = RouteAuthLoginExecutor(GetMySqlSession(), user_dao, auth_dao);
+
+ Request req;
+ value req_body;
+
+ req_body.emplace_object();
+
+ req_body.as_object().emplace("login"s, "MyLogin123456780"s + kUUID);
+ req_body.as_object().emplace("password"s, "Qwerty123456"s);
+
+ req.body() = serialize(req_body);
+
+ BOOST_CHECK_EXCEPTION(executor(std::move(req)), session_exception,
+ [](const session_exception& e) -> bool
+ {
+ return e.code == beast::http::status::forbidden;
+ });
+
+ mysql_session->close();
+ delete mysql_session;
+}
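Review bot: An existing account with a wrong password is not covered by the added test case, and that is the path the old `&&` condition in AuthLoginExecutor.h let through: the login `"MyLogin123456780"s + kUUID` is presumably never created, so only the `!maybe_user.has_value()` branch is exercised. A sibling case that first stores a user through `user_dao` and then posts a different password, asserting the same `forbidden` code, would pin the regression. Separately, `mysql_session` is owned by raw `new`/`delete`, so an exception thrown before the last two lines leaks the session; `auto mysql_session = std::make_unique<mysqlx::Session>(mysql_credentials);` with `mysql_session.get()` passed to `uad::SetMySqlSession` avoids that.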