diff --git a/src/openvpn/auth_token.c b/src/openvpn/auth_token.c
index 5de65cb62a4..c4b59b9946d 100644
--- a/src/openvpn/auth_token.c
+++ b/src/openvpn/auth_token.c
@@ -452,6 +452,7 @@ check_send_auth_token(struct context *c)
     }
 
     struct user_pass up;
+    CLEAR(up);
     strncpynt(up.username, multi->locked_username, sizeof(up.username));
 
     generate_auth_token(&up, multi);
diff --git a/src/openvpn/pkcs11.c b/src/openvpn/pkcs11.c
index 35a02c27cb7..d21ce3164e0 100644
--- a/src/openvpn/pkcs11.c
+++ b/src/openvpn/pkcs11.c
@@ -238,6 +238,7 @@ _pkcs11_openvpn_pin_prompt(
 {
     struct user_pass token_pass;
     char prompt[1024];
+    CLEAR(token_pass);
 
     (void)global_data;
     (void)user_data;
diff --git a/src/openvpn/socks.c b/src/openvpn/socks.c
index 93f6b4b1adf..b5cd536b125 100644
--- a/src/openvpn/socks.c
+++ b/src/openvpn/socks.c
@@ -96,7 +96,7 @@ socks_username_password_auth(struct socks_proxy_info *p,
     ssize_t size;
     bool ret = false;
 
-    creds.defined = 0;
+    CLEAR(creds);
     if (!get_user_pass(&creds, p->authfile, UP_TYPE_SOCKS, GET_USER_PASS_MANAGEMENT))
     {
         msg(M_NONFATAL, "SOCKS failed to get username/password.");