diff --git a/pkg/middlewares/auth/basic_auth.go b/pkg/middlewares/auth/basic_auth.go
index 2dce9775c0..198c8ca84e 100644
--- a/pkg/middlewares/auth/basic_auth.go
+++ b/pkg/middlewares/auth/basic_auth.go
@@ -44,7 +44,7 @@ func NewBasic(ctx context.Context, next http.Handler, authConfig dynamic.BasicAu
 // To prevent timing attacks, we need to compute a hash even if the user is not found.
 // We assume it to be safe only when the users hashes are all from the same algorithm,
 // so we can pick the first one as a random hash to compute.
- notFoundSecret := users[slices.Collect(maps.Values(users))[0]]
+ notFoundSecret := slices.Collect(maps.Values(users))[0]
 ba := &basicAuth{
 next: next,
diff --git a/pkg/middlewares/auth/basic_auth_test.go b/pkg/middlewares/auth/basic_auth_test.go
index e70aa38d8a..baabfba195 100644
--- a/pkg/middlewares/auth/basic_auth_test.go
+++ b/pkg/middlewares/auth/basic_auth_test.go
@@ -14,6 +14,17 @@ import (
 "github.com/traefik/traefik/v2/pkg/testhelpers"
 )
+func TestNewBasicNotFoundSecretIsSet(t *testing.T) {
+ auth := dynamic.BasicAuth{
+ Users: []string{"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"},
+ }
+ middleware, err := NewBasic(t.Context(), nil, auth, "authName")
+ require.NoError(t, err)
+
+ ba := middleware.(*basicAuth)
+ assert.Equal(t, "$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", ba.notFoundSecret)
+}
+
 func TestBasicAuthFail(t *testing.T) {
 next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 fmt.Fprintln(w, "traefik")
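Review bot: The `[0]` index on `slices.Collect(maps.Values(users))` panics with an index-out-of-range if `users` is empty, and no length check is visible in this hunk (NewBasic starts and ends outside it, so an earlier guard may exist). Selecting the value with `for _, h := range users { notFoundSecret = h; break }` avoids both the panic and the throwaway slice, and an explicit check afterwards can reject an empty result, so the dummy hash is never silently empty again, as it presumably was with the old map lookup. Map iteration order is random, so with mixed hash algorithms the unknown-user path can cost a different amount of time than some known-user paths. The comment states that assumption but nothing here enforces it, so I would add `// NOTE: not enforced; mixed hash algorithms weaken this mitigation.` to it.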
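Review bot: The test pins only the single-user case, where picking "the first" value is deterministic; with two or more users the chosen hash depends on map iteration order, and an empty `Users` configuration is not exercised at all. A second case with two entries asserting `assert.Contains(t, []string{hashA, hashB}, ba.notFoundSecret)` (hashA and hashB standing for the two configured hashes), plus one with no users asserting the intended outcome, would lock the mitigation down against regressions. The bare `middleware.(*basicAuth)` assertion panics on a type mismatch; `ba, ok := middleware.(*basicAuth)` followed by `require.True(t, ok)` fails more readably.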