diff --git a/lib/url.c b/lib/url.c
index bebf51df1ff4fa2c67652b8c897b6e22124e411c..ef2732b0670b161d071572a4a344fdfbbb59a475 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -2351,6 +2351,8 @@ static CURLcode CreateConnection(struct SessionHandle *data,
           char proxyuser[MAX_CURL_USER_LENGTH];
           char proxypasswd[MAX_CURL_PASSWORD_LENGTH];
 
+          char *fineptr;
+
           /* skip the possible protocol piece */
           ptr=strstr(proxy, "://");
           if(ptr)
@@ -2358,9 +2360,12 @@ static CURLcode CreateConnection(struct SessionHandle *data,
           else
             ptr = proxy;
 
+          fineptr = ptr;
+
           /* check for an @-letter */
           ptr = strchr(ptr, '@');
-          if(ptr && (2 == sscanf(proxy, "%" MAX_CURL_USER_LENGTH_TXT"[^:]:"
+          if(ptr && (2 == sscanf(fineptr,
+                                 "%" MAX_CURL_USER_LENGTH_TXT"[^:]:"
                                  "%" MAX_CURL_PASSWORD_LENGTH_TXT "[^@]",
                                  proxyuser, proxypasswd))) {
             /* found user and password, rip them out */
@@ -2378,7 +2383,7 @@ static CURLcode CreateConnection(struct SessionHandle *data,
             
             conn->bits.proxy_user_passwd = TRUE; /* enable it */
 
-            ptr = strdup(ptr+1);
+            ptr = strdup(ptr+1); /* the right side of the @-letter */
             free(proxy); /* free the former data */
             proxy = ptr; /* now use this instead */
           }
diff --git a/tests/data/test63 b/tests/data/test63
index dc5e8ad1e80c69a3d1211abac29a33d051fbf78a..3806237e9639fd8d7d44ea1ada9e88cc8477caf6 100644
--- a/tests/data/test63
+++ b/tests/data/test63
@@ -32,7 +32,7 @@ http://we.want.that.site.com/63
 </strip>
 <protocol>
 GET http://we.want.that.site.com/63 HTTP/1.1
-Proxy-authorization: Basic aHR0cDovL2Zha2U6dXNlcg==
+Proxy-authorization: Basic ZmFrZTp1c2Vy
 Host: we.want.that.site.com
 Pragma: no-cache
 Accept: */*