diff --git a/src/Symfony/Component/Security/CHANGELOG.md b/src/Symfony/Component/Security/CHANGELOG.md
index 7ce1a4318ac44..e29de9f794085 100644
--- a/src/Symfony/Component/Security/CHANGELOG.md
+++ b/src/Symfony/Component/Security/CHANGELOG.md
@@ -4,6 +4,7 @@ CHANGELOG
 2.3.0
 -----
 
+ * [BC BREAK] return 401 instead of 500 when using use_forward during for form authentication
  * added a `require_previous_session` option to `AbstractAuthenticationListener`
 
 2.2.0
diff --git a/src/Symfony/Component/Security/Http/EntryPoint/FormAuthenticationEntryPoint.php b/src/Symfony/Component/Security/Http/EntryPoint/FormAuthenticationEntryPoint.php
index 2170e9ede73a6..3eaae820c3d9b 100644
--- a/src/Symfony/Component/Security/Http/EntryPoint/FormAuthenticationEntryPoint.php
+++ b/src/Symfony/Component/Security/Http/EntryPoint/FormAuthenticationEntryPoint.php
@@ -53,7 +53,12 @@ public function start(Request $request, AuthenticationException $authException =
         if ($this->useForward) {
             $subRequest = $this->httpUtils->createRequest($request, $this->loginPath);
 
-            return $this->httpKernel->handle($subRequest, HttpKernelInterface::SUB_REQUEST);
+            $response = $this->httpKernel->handle($subRequest, HttpKernelInterface::SUB_REQUEST);
+            if (200 === $response->getStatusCode()) {
+                $response->headers->set('X-Status-Code', 401);
+            }
+
+            return $response;
         }
 
         return $this->httpUtils->createRedirectResponse($request, $this->loginPath);
diff --git a/src/Symfony/Component/Security/Tests/Http/EntryPoint/FormAuthenticationEntryPointTest.php b/src/Symfony/Component/Security/Tests/Http/EntryPoint/FormAuthenticationEntryPointTest.php
index 1cf2c2d21a5ed..cbec1bdd63154 100644
--- a/src/Symfony/Component/Security/Tests/Http/EntryPoint/FormAuthenticationEntryPointTest.php
+++ b/src/Symfony/Component/Security/Tests/Http/EntryPoint/FormAuthenticationEntryPointTest.php
@@ -50,7 +50,7 @@ public function testStartWithUseForward()
     {
         $request = $this->getMock('Symfony\Component\HttpFoundation\Request', array(), array(), '', false, false);
         $subRequest = $this->getMock('Symfony\Component\HttpFoundation\Request', array(), array(), '', false, false);
-        $response = $this->getMock('Symfony\Component\HttpFoundation\Response');
+        $response = new \Symfony\Component\HttpFoundation\Response('', 200);
 
         $httpUtils = $this->getMock('Symfony\Component\Security\Http\HttpUtils');
         $httpUtils
@@ -70,6 +70,9 @@ public function testStartWithUseForward()
 
         $entryPoint = new FormAuthenticationEntryPoint($httpKernel, $httpUtils, '/the/login/path', true);
 
-        $this->assertEquals($response, $entryPoint->start($request));
+        $entryPointResponse = $entryPoint->start($request);
+
+        $this->assertEquals($response, $entryPointResponse);
+        $this->assertEquals(401, $entryPointResponse->headers->get('X-Status-Code'));
     }
 }