diff --git a/src/wps/wps_attr_process.c b/src/wps/wps_attr_process.c
index c1b59f7cf..ae6e906c2 100644
--- a/src/wps/wps_attr_process.c
+++ b/src/wps/wps_attr_process.c
@@ -257,6 +257,23 @@ static int wps_process_cred_802_1x_enabled(struct wps_credential *cred,
 }
 
 
+static void wps_workaround_cred_key(struct wps_credential *cred)
+{
+	if (cred->auth_type & (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK) &&
+	    cred->key_len > 8 && cred->key_len < 64 &&
+	    cred->key[cred->key_len - 1] == 0) {
+		/*
+		 * A deployed external registrar is known to encode ASCII
+		 * passphrases incorrectly. Remove the extra NULL termination
+		 * to fix the encoding.
+		 */
+		wpa_printf(MSG_DEBUG, "WPS: Workaround - remove NULL "
+			   "termination from ASCII passphrase");
+		cred->key_len--;
+	}
+}
+
+
 int wps_process_cred(struct wps_parse_attr *attr,
 		     struct wps_credential *cred)
 {
@@ -279,6 +296,8 @@ int wps_process_cred(struct wps_parse_attr *attr,
 	    wps_process_cred_802_1x_enabled(cred, attr->dot1x_enabled))
 		return -1;
 
+	wps_workaround_cred_key(cred);
+
 	return 0;
 }
 
@@ -298,5 +317,7 @@ int wps_process_ap_settings(struct wps_parse_attr *attr,
 	    wps_process_cred_mac_addr(cred, attr->mac_addr))
 		return -1;
 
+	wps_workaround_cred_key(cred);
+
 	return 0;
 }