diff --git a/src/core/plugins/oas3/components/http-auth.jsx b/src/core/plugins/oas3/components/http-auth.jsx
index 5e991b49..5df10ddf 100644
--- a/src/core/plugins/oas3/components/http-auth.jsx
+++ b/src/core/plugins/oas3/components/http-auth.jsx
@@ -33,7 +33,8 @@ export default class HttpAuth extends React.Component {
     let { onChange } = this.props
     let { value, name } = e.target
 
-    let newValue = this.state.value || {}
+    let newValue = Object.assign({}, this.state.value)
+
     if(name) {
       newValue[name] = value
     } else {
diff --git a/test/e2e/scenarios/bugs/4196.js b/test/e2e/scenarios/bugs/4196.js
new file mode 100644
index 00000000..9b92da49
--- /dev/null
+++ b/test/e2e/scenarios/bugs/4196.js
@@ -0,0 +1,44 @@
+describe("bug #4196: HTTP basic auth credential retention", function () {
+    let mainPage
+    beforeEach(function (client, done) {
+        mainPage = client
+            .url("localhost:3230")
+            .page.main()
+
+        client.waitForElementVisible(".download-url-input", 5000)
+            .pause(80)
+            .clearValue(".download-url-input")
+            .setValue(".download-url-input", "http://localhost:3230/test-specs/bugs/4196.yaml")
+            .click("button.download-url-button")
+            .pause(1000)
+
+        done()
+    })
+    afterEach(function (client, done) {
+        done()
+    })
+    it("should display the most recent auth data across modal close/opens", function (client) {
+        client.waitForElementVisible(".opblock-tag-section", 10000)
+            .click("button.btn.authorize") // Open modal
+            .waitForElementVisible("section>input", 5000)
+            .setValue("section>input", "aaa") // Set user
+            .waitForElementVisible(`section>input[type="password"]`, 5000)
+            .setValue(`section>input[type="password"]`, "aaa") // Set password
+            .click(".auth-btn-wrapper button:nth-child(1)") // Click Authorize
+            .assert.containsText("div.wrapper:nth-child(4)>code", "aaa")
+            .click(".auth-btn-wrapper button:nth-child(2)") // Close modal
+            .pause(50)
+            .click("button.btn.authorize") // Open modal
+            .pause(50)
+            .click(".auth-btn-wrapper button:nth-child(1)") // Logout
+            .waitForElementVisible("section>input", 5000)
+            .setValue("section>input", "bbb") // Set user
+            .waitForElementVisible(`section>input[type="password"]`, 5000)
+            .setValue(`section>input[type="password"]`, "bbb") // Set password
+            .click(".auth-btn-wrapper button:nth-child(1)") // Click Authorize
+            .pause(5000)
+            .assert.containsText("div.wrapper:nth-child(4)>code", "bbb")
+
+        client.end()
+    })
+})
diff --git a/test/e2e/specs/bugs/4196.yaml b/test/e2e/specs/bugs/4196.yaml
new file mode 100644
index 00000000..c386843e
--- /dev/null
+++ b/test/e2e/specs/bugs/4196.yaml
@@ -0,0 +1,85 @@
+openapi: 3.0.0
+info:
+  title: Demo API
+  description: First test
+  termsOfService: 'http://demo.io/terms-of-service/'
+  contact:
+    name: Demo Support
+    email: support@demo.io
+  version: 1.0.0
+servers:
+  - url: '{server}/v1'
+    variables:
+      server:
+        default: https://api.demo.io
+        description: the API endpoint
+
+paths:
+  /session:
+    put:
+      summary: Returns a new authentication token
+      tags:
+        - session
+      security:
+        - basicAuth: []
+      responses:
+        '201':
+          description: A session object
+          content:
+            application/json:
+              schema:
+                allOf:
+                  - type: object
+                    properties:
+                      user_id:
+                        type: string
+                        format: uuid
+                        readOnly: true
+                        example: 110e8400-e29b-11d4-a716-446655440000
+                  - $ref: '#/components/schemas/Session'
+        '401':
+          $ref: '#/components/responses/Unauthorized'
+
+components:
+  securitySchemes:
+    basicAuth:
+      type: http
+      scheme: basic
+    bearerAuth:
+      type: http
+      scheme: bearer
+      bearerFormat: JWT
+  schemas:
+    Session:
+      required:
+        - token
+      properties:
+        token:
+          type: string
+          readOnly: true
+          example: >-
+            eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.EkN-DOsnsuRjRO6BxXemmJDm3HbxrbRzXglbN2S4sOkopdU4IsDxTI8jO19W_A4K8ZPJijNLis4EZsHeY559a4DFOd50_OqgHGuERTqYZyuhtF39yxJPAjUESwxk2J5k_4zM3O-vtd1Ghyo4IbqKKSy6J9mTniYJPenn5-HIirE
+
+    Error:
+      required:
+        - message
+      properties:
+        message:
+          description: a human readable message explaining the error
+          type: string
+        reason:
+          description: a functionnal key about the error
+          type: string
+  responses:
+    Unauthorized:
+      description: Not authenticated
+      content:
+        application/json:
+          schema:
+            $ref: '#/components/schemas/Error'
+    Default:
+      description: unexpected error
+      content:
+        application/json:
+          schema:
+            $ref: '#/components/schemas/Error'