diff --git a/hibernate-core/src/main/java/org/hibernate/internal/SessionFactoryImpl.java b/hibernate-core/src/main/java/org/hibernate/internal/SessionFactoryImpl.java
index 11da65c757..34a8f7965d 100644
--- a/hibernate-core/src/main/java/org/hibernate/internal/SessionFactoryImpl.java
+++ b/hibernate-core/src/main/java/org/hibernate/internal/SessionFactoryImpl.java
@@ -1594,6 +1594,8 @@ public final class SessionFactoryImpl implements SessionFactoryImplementor {
 
 	private void maskOutSensitiveInformation(Map<String, Object> props) {
 		maskOutIfSet( props, AvailableSettings.JPA_JDBC_USER );
+		maskOutIfSet( props, AvailableSettings.JPA_JDBC_PASSWORD );
+		maskOutIfSet( props, AvailableSettings.USER );
 		maskOutIfSet( props, AvailableSettings.PASS );
 	}
 
diff --git a/hibernate-core/src/test/java/org/hibernate/internal/MaskSensitiveInformationTest.java b/hibernate-core/src/test/java/org/hibernate/internal/MaskSensitiveInformationTest.java
new file mode 100644
index 0000000000..4cd9a4305b
--- /dev/null
+++ b/hibernate-core/src/test/java/org/hibernate/internal/MaskSensitiveInformationTest.java
@@ -0,0 +1,52 @@
+/*
+ * Hibernate, Relational Persistence for Idiomatic Java
+ *
+ * License: GNU Lesser General Public License (LGPL), version 2.1 or later.
+ * See the lgpl.txt file in the root directory or <http://www.gnu.org/licenses/lgpl-2.1.html>.
+ */
+package org.hibernate.internal;
+
+import java.util.Map;
+import javax.persistence.EntityManagerFactory;
+
+import org.hibernate.cfg.AvailableSettings;
+import org.hibernate.jpa.test.BaseEntityManagerFunctionalTestCase;
+
+import org.junit.Before;
+import org.junit.Test;
+
+import static org.junit.Assert.assertEquals;
+
+/**
+ * Test that sensitive information is correctly masked.
+ *
+ * @author Bruno P. Kinoshita
+ */
+public class MaskSensitiveInformationTest extends BaseEntityManagerFunctionalTestCase {
+
+	private EntityManagerFactory entityManagerFactory;
+
+	private static final String EXPECTED_MASKED_VALUE = "****";
+
+	@Before
+	public void setUp() {
+		entityManagerFactory = entityManagerFactory();
+	}
+
+	@Override
+	@SuppressWarnings("unchecked")
+	protected void addConfigOptions(Map options) {
+		options.put( AvailableSettings.JPA_JDBC_USER, options.get( AvailableSettings.USER ) );
+		options.put( AvailableSettings.JPA_JDBC_PASSWORD, options.get( AvailableSettings.PASS ) );
+	}
+
+	@Test
+	public void testMaskOutSensitiveInformation() {
+		SessionFactoryImpl sessionFactory = entityManagerFactory.unwrap( SessionFactoryImpl.class );
+		Map<String, Object> properties = sessionFactory.getProperties();
+		assertEquals( EXPECTED_MASKED_VALUE, properties.get( AvailableSettings.USER ) );
+		assertEquals( EXPECTED_MASKED_VALUE, properties.get( AvailableSettings.PASS ) );
+		assertEquals( EXPECTED_MASKED_VALUE, properties.get( AvailableSettings.JPA_JDBC_USER ) );
+		assertEquals( EXPECTED_MASKED_VALUE, properties.get( AvailableSettings.JPA_JDBC_PASSWORD ) );
+	}
+}