diff --git a/core/src/main/java/org/acegisecurity/providers/dao/PasswordDaoAuthenticationProvider.java b/core/src/main/java/org/acegisecurity/providers/dao/PasswordDaoAuthenticationProvider.java
index 57c3d38833..83955036d8 100644
--- a/core/src/main/java/org/acegisecurity/providers/dao/PasswordDaoAuthenticationProvider.java
+++ b/core/src/main/java/org/acegisecurity/providers/dao/PasswordDaoAuthenticationProvider.java
@@ -293,7 +293,7 @@ public class PasswordDaoAuthenticationProvider implements AuthenticationProvider
         UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(principal,
                 authentication.getCredentials(), user.getAuthorities());
         result.setDetails((authentication.getDetails() != null)
-            ? authentication.getDetails().toString() : null);
+            ? authentication.getDetails() : null);
 
         return result;
     }
diff --git a/doc/xdocs/changes.xml b/doc/xdocs/changes.xml
index ef80cd4ba4..8a5a2fe257 100644
--- a/doc/xdocs/changes.xml
+++ b/doc/xdocs/changes.xml
@@ -29,6 +29,7 @@
       <action dev="benalex" type="fix">Correct location of AuthenticationSimpleHttpInvokerRequestExecutor in clientContext.xml</action>
       <action dev="benalex" type="fix">TokenBasedRememberMeServices changed to use long instead of int for tokenValiditySeconds (SPR-807)</action>
       <action dev="benalex" type="fix">Handle null Authentication.getAuthorities() in AuthorizeTag</action>
+      <action dev="benalex" type="fix">PasswordDaoAuthenticationProvider no longer stores String against Authentication.setDetails()</action>
       <action dev="benalex" type="update">Add credentialsExpiredFailureUrl getter/setter to AbstractProcessingFilter</action>
       <action dev="benalex" type="update">Update commons-codec dependency to 1.3</action>
       <action dev="raykrueger" type="update">AbstractProcessingFilter no longer has setters for failures, it uses the exceptionMappings property</action>