diff --git a/plugins/user-authenticators/md5/src/com/cloud/server/auth/MD5UserAuthenticator.java b/plugins/user-authenticators/md5/src/com/cloud/server/auth/MD5UserAuthenticator.java
index c1415d256bb..d478df6c8ee 100644
--- a/plugins/user-authenticators/md5/src/com/cloud/server/auth/MD5UserAuthenticator.java
+++ b/plugins/user-authenticators/md5/src/com/cloud/server/auth/MD5UserAuthenticator.java
@@ -61,23 +61,22 @@ public class MD5UserAuthenticator extends DefaultUserAuthenticator {
 }
 @Override
- public String encode(String password) {
- MessageDigest md5 = null;
+ public String encode(final String password) {
 try {
- md5 = MessageDigest.getInstance("MD5");
+ final MessageDigest md5 = MessageDigest.getInstance("MD5");
+ md5.reset();
+ BigInteger pwInt = new BigInteger(1, md5.digest(password.getBytes()));
+ String pwStr = pwInt.toString(16);
+ int padding = 32 - pwStr.length();
+ StringBuilder sb = new StringBuilder(32);
+ for (int i = 0; i < padding; i++) {
+ sb.append('0'); // make sure the MD5 password is 32 digits long
+ }
+ sb.append(pwStr);
+ return sb.toString();
 } catch (NoSuchAlgorithmException e) {
 throw new CloudRuntimeException("Unable to hash password", e);
 }
- md5.reset();
- BigInteger pwInt = new BigInteger(1, md5.digest(password.getBytes()));
- String pwStr = pwInt.toString(16);
- int padding = 32 - pwStr.length();
- StringBuffer sb = new StringBuffer();
- for (int i = 0; i < padding; i++) {
- sb.append('0'); // make sure the MD5 password is 32 digits long
- }
- sb.append(pwStr);
- return sb.toString();
 }
 }
diff --git a/plugins/user-authenticators/md5/test/com/cloud/server/auth/MD5UserAuthenticatorTest.java b/plugins/user-authenticators/md5/test/com/cloud/server/auth/MD5UserAuthenticatorTest.java
new file mode 100644
index 00000000000..e9d4dcd6d33
--- /dev/null
+++ b/plugins/user-authenticators/md5/test/com/cloud/server/auth/MD5UserAuthenticatorTest.java
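Review bot: `password.getBytes()` in the new `encode` body still uses the JVM's default charset, so the digest of a non-ASCII password depends on the host's `file.encoding` and can differ between servers or after a JVM change. Name the charset explicitly, `md5.digest(password.getBytes(StandardCharsets.UTF_8))` (the import block is outside the hunk), after confirming which encoding produced the hashes already stored, because hashes of non-ASCII passwords created under another default would stop matching. The refactor also keeps a single unsalted MD5 round as the stored credential; if this plugin exists for compatibility, a Javadoc line on `encode` such as `Legacy format: unsalted MD5 hex digest, retained for existing accounts only` would make that limitation visible to whoever selects an authenticator. `md5.reset()` on a freshly obtained `MessageDigest` is redundant and can be dropped.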
@@ -0,0 +1,64 @@
+package com.cloud.server.auth;
+
+import java.lang.reflect.Field;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.Mockito;
+import org.mockito.runners.MockitoJUnitRunner;
+
+import com.cloud.server.auth.UserAuthenticator.ActionOnFailedAuthentication;
+import com.cloud.user.UserAccountVO;
+import com.cloud.user.dao.UserAccountDao;
+import com.cloud.utils.Pair;
+
+@RunWith(MockitoJUnitRunner.class)
+public class MD5UserAuthenticatorTest {
+ @Mock
+ UserAccountDao dao;
+
+ @Test
+ public void encode() {
+ Assert.assertEquals("5f4dcc3b5aa765d61d8327deb882cf99",
+ new MD5UserAuthenticator().encode("password"));
+ }
+
+ @Test
+ public void authenticate() throws NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException {
+ MD5UserAuthenticator authenticator = new MD5UserAuthenticator();
+ Field daoField = MD5UserAuthenticator.class.getDeclaredField("_userAccountDao");
+ daoField.setAccessible(true);
+ daoField.set(authenticator, dao);
+ UserAccountVO account = new UserAccountVO();
+ account.setPassword("5f4dcc3b5aa765d61d8327deb882cf99");
+ Mockito.when(dao.getUserAccount(Mockito.anyString(), Mockito.anyLong())).thenReturn(account);
+ Pair pair = authenticator.authenticate("admin", "password", 1l, null);
+ Assert.assertTrue(pair.first());
+ }
+
+ @Test
+ public void authenticateBadPass() throws NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException {
+ MD5UserAuthenticator authenticator = new MD5UserAuthenticator();
+ Field daoField = MD5UserAuthenticator.class.getDeclaredField("_userAccountDao");
+ daoField.setAccessible(true);
+ daoField.set(authenticator, dao);
+ UserAccountVO account = new UserAccountVO();
+ account.setPassword("surprise");
+ Mockito.when(dao.getUserAccount(Mockito.anyString(), Mockito.anyLong())).thenReturn(account);
+ Pair pair = authenticator.authenticate("admin", "password", 1l, null);
+ Assert.assertFalse(pair.first());
+ }
+
+ @Test
+ public void authenticateBadUser() throws NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException {
+ MD5UserAuthenticator authenticator = new MD5UserAuthenticator();
+ Field daoField = MD5UserAuthenticator.class.getDeclaredField("_userAccountDao");
+ daoField.setAccessible(true);
+ daoField.set(authenticator, dao);
+ Mockito.when(dao.getUserAccount(Mockito.anyString(), Mockito.anyLong())).thenReturn(null);
+ Pair pair = authenticator.authenticate("admin", "password", 1l, null);
+ Assert.assertFalse(pair.first());
+ }
+}
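Review bot: The `encode` test checks only `"password"`, whose digest starts with `5`, so the zero-padding loop in `MD5UserAuthenticator.encode` is never exercised; a digest with a leading zero nibble is the one case where `BigInteger.toString(16)` would shorten the stored hash and break later comparisons. Add a case such as `Assert.assertEquals("0cc175b9c0f1b6a831c399e269772661", new MD5UserAuthenticator().encode("a"));`. The three `authenticate*` tests repeat the same reflective injection of `_userAccountDao`; moving it into a `@Before` method would leave each test with only its own arrangement. How `authenticate` treats a null or empty password is not visible in this diff, and a test pinning that rejection path would be worth adding.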