diff --git a/src/box/applier.cc b/src/box/applier.cc
index a374ff50d761c9bd18a6a5b86e1079a43c728b5a..42374f8866c78266dadbfe54d6b81f46c9d32705 100644
--- a/src/box/applier.cc
+++ b/src/box/applier.cc
@@ -373,7 +373,9 @@ applier_connect(struct applier *applier)
 	/* Authenticate */
 	applier_set_state(applier, APPLIER_AUTH);
 	xrow_encode_auth_xc(&row, greeting.salt, greeting.salt_len, uri->login,
-			    uri->login_len, uri->password, uri->password_len);
+			    uri->login_len,
+			    uri->password != NULL ? uri->password : "",
+			    uri->password_len);
 	coio_write_xrow(coio, &row);
 	coio_read_xrow(coio, ibuf, &row);
 	applier->last_row_time = ev_monotonic_now(loop());
diff --git a/test/replication/gh-4605-empty-password.result b/test/replication/gh-4605-empty-password.result
new file mode 100644
index 0000000000000000000000000000000000000000..defdfcfcdf37b1742f38fa6518e05cef09904782
--- /dev/null
+++ b/test/replication/gh-4605-empty-password.result
@@ -0,0 +1,62 @@
+-- test-run result file version 2
+test_run = require('test_run').new()
+ | ---
+ | ...
+
+--
+-- gh-4605: replication and netbox both use URI as a remote
+-- resource identifier. If URI does not contain a password, netbox
+-- assumes it is an empty string - ''. But replication's applier
+-- wasn't assuming the same, and just didn't send a password at
+-- all, when it was not specified in the URI. It led to a strange
+-- error message and inconsistent behaviour. The test checks, that
+-- replication now also uses an empty string password by default.
+
+box.schema.user.create('test_user', {password = ''})
+ | ---
+ | ...
+box.schema.user.grant('test_user', 'replication')
+ | ---
+ | ...
+
+test_run:cmd("create server replica_auth with rpl_master=default, script='replication/replica_auth.lua'")
+ | ---
+ | - true
+ | ...
+test_run:cmd("start server replica_auth with wait=True, wait_load=True, args='test_user 0.1'")
+ | ---
+ | - true
+ | ...
+
+test_run:switch('replica_auth')
+ | ---
+ | - true
+ | ...
+i = box.info
+ | ---
+ | ...
+i.replication[i.id % 2 + 1].upstream.status == 'follow' or i
+ | ---
+ | - true
+ | ...
+
+test_run:switch('default')
+ | ---
+ | - true
+ | ...
+test_run:cmd("stop server replica_auth")
+ | ---
+ | - true
+ | ...
+test_run:cmd("cleanup server replica_auth")
+ | ---
+ | - true
+ | ...
+test_run:cmd("delete server replica_auth")
+ | ---
+ | - true
+ | ...
+
+box.schema.user.drop('test_user')
+ | ---
+ | ...
diff --git a/test/replication/gh-4605-empty-password.test.lua b/test/replication/gh-4605-empty-password.test.lua
new file mode 100644
index 0000000000000000000000000000000000000000..f42a55f81c5d362d008fc29e57c221471907d292
--- /dev/null
+++ b/test/replication/gh-4605-empty-password.test.lua
@@ -0,0 +1,27 @@
+test_run = require('test_run').new()
+
+--
+-- gh-4605: replication and netbox both use URI as a remote
+-- resource identifier. If URI does not contain a password, netbox
+-- assumes it is an empty string - ''. But replication's applier
+-- wasn't assuming the same, and just didn't send a password at
+-- all, when it was not specified in the URI. It led to a strange
+-- error message and inconsistent behaviour. The test checks, that
+-- replication now also uses an empty string password by default.
+
+box.schema.user.create('test_user', {password = ''})
+box.schema.user.grant('test_user', 'replication')
+
+test_run:cmd("create server replica_auth with rpl_master=default, script='replication/replica_auth.lua'")
+test_run:cmd("start server replica_auth with wait=True, wait_load=True, args='test_user 0.1'")
+
+test_run:switch('replica_auth')
+i = box.info
+i.replication[i.id % 2 + 1].upstream.status == 'follow' or i
+
+test_run:switch('default')
+test_run:cmd("stop server replica_auth")
+test_run:cmd("cleanup server replica_auth")
+test_run:cmd("delete server replica_auth")
+
+box.schema.user.drop('test_user')
diff --git a/test/replication/suite.cfg b/test/replication/suite.cfg
index 0848eecd61eaf8c74a91af6bdf319871b3039610..cd686a0e2c6496ad682b2281c5ea504fc3c84629 100644
--- a/test/replication/suite.cfg
+++ b/test/replication/suite.cfg
@@ -12,6 +12,7 @@
     "long_row_timeout.test.lua": {},
     "join_without_snap.test.lua": {},
     "gh-4402-info-errno.test.lua": {},
+    "gh-4605-empty-password.test.lua": {},
     "gh-4606-admin-creds.test.lua": {},
     "*": {
         "memtx": {"engine": "memtx"},