diff --git a/src/endpoints_handlers/AuthLoginExecutor.h b/src/endpoints_handlers/AuthLoginExecutor.h
index 07e2dd3..b17e65d 100644
--- a/src/endpoints_handlers/AuthLoginExecutor.h
+++ b/src/endpoints_handlers/AuthLoginExecutor.h
@@ -46,8 +46,8 @@ public:
 {
 req_json = json::parse(body);
 
- std::string login = req_json.as_object().at("login").as_string().c_str();
- std::string password = req_json.as_object().at("password").as_string().c_str();
+ const std::string login = req_json.as_object().at("login").as_string().c_str();
+ const std::string password = req_json.as_object().at("password").as_string().c_str();
 
 if (login.empty() || password.empty())
 {
@@ -61,9 +61,19 @@ public:
 return res;
 }
 
- std::string hashed_password = HashPassword(password);
+ std::optional user = user_dao_->GetByLogin(login);
 
- std::optional maybe_user = user_dao_->GetByLogin(login);
+ if (!user.has_value() || (user.value().GetHashedPassword() != HashPassword(password)))
+ {
+ http::response res{http::status::unprocessable_entity, req.version()};
+ response_body.as_object().emplace("Result", "Incorrect login or password");
+
+ res.body() = serialize(response_body);
+ res.set(http::field::content_type, "application/json");
+ res.content_length(res.body().size());
+
+ return res;
+ }
 }
 catch (const system::system_error& err)
 {
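Review bot: Both `login` and `password` are still built from `as_string().c_str()`, which stops at the first NUL byte, so a JSON value containing `\u0000` is silently truncated before the emptiness check and before hashing. Constructing from the string's length keeps the full value, e.g. `const auto& pw = req_json.as_object().at("password").as_string();` followed by `const std::string password(pw.data(), pw.size());`, or the handler can reject values with embedded NULs outright. The enclosing handler starts before this hunk, so whether registration applies the same conversion cannot be seen here and should be checked for consistency.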
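Review bot: The credential check `!user.has_value() || (user.value().GetHashedPassword() != HashPassword(password))` short-circuits, so an unknown login returns without running HashPassword while a known login pays for the hash; the response-time difference can reveal which logins exist even though the error message is deliberately generic. Compute the hash before the test, `const std::string candidate = HashPassword(password);`, and compare it with a constant-time routine (for example `CRYPTO_memcmp`, if OpenSSL is already linked) rather than `std::string`'s `operator!=`. HashPassword receives only the password here, which suggests an unsalted deterministic digest; if that is the case, a per-user salted KDF with its own verify function would be the better fix, to be confirmed against its definition outside this hunk. The try block and the handler both start and end outside the hunk.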