diff --git a/hostapd/wps_hostapd.c b/hostapd/wps_hostapd.c
index 0a0b7cefc..cc1013c63 100644
--- a/hostapd/wps_hostapd.c
+++ b/hostapd/wps_hostapd.c
@@ -181,6 +181,9 @@ static int hostapd_wps_cred_cb(void *ctx, const struct wps_credential *cred)
 	int multi_bss;
 	int wpa;
 
+	wpa_hexdump_key(MSG_DEBUG, "WPS: Received Credential attribute",
+			cred->cred_attr, cred->cred_attr_len);
+
 	wpa_printf(MSG_DEBUG, "WPS: Received new AP Settings");
 	wpa_hexdump_ascii(MSG_DEBUG, "WPS: SSID", cred->ssid, cred->ssid_len);
 	wpa_printf(MSG_DEBUG, "WPS: Authentication Type 0x%x",
diff --git a/src/wps/wps.h b/src/wps/wps.h
index b275cfd0d..1736d9e84 100644
--- a/src/wps/wps.h
+++ b/src/wps/wps.h
@@ -41,6 +41,9 @@ struct wps_registrar;
  * @key: Key
  * @key_len: Key length in octets
  * @mac_addr: MAC address of the peer
+ * @cred_attr: Unparsed Credential attribute data (used only in cred_cb());
+ *	this may be %NULL, if not used
+ * @cred_attr_len: Length of cred_attr in octets
  */
 struct wps_credential {
 	u8 ssid[32];
@@ -51,6 +54,8 @@ struct wps_credential {
 	u8 key[64];
 	size_t key_len;
 	u8 mac_addr[ETH_ALEN];
+	const u8 *cred_attr;
+	size_t cred_attr_len;
 };
 
 /**
diff --git a/src/wps/wps_enrollee.c b/src/wps/wps_enrollee.c
index f6a828d0f..1375536c9 100644
--- a/src/wps/wps_enrollee.c
+++ b/src/wps/wps_enrollee.c
@@ -630,8 +630,13 @@ static int wps_process_cred_e(struct wps_data *wps, const u8 *cred,
 	    wps_process_cred(&attr, &wps->cred))
 		return -1;
 
-	if (wps->wps->cred_cb)
+	if (wps->wps->cred_cb) {
+		wps->cred.cred_attr = cred - 4;
+		wps->cred.cred_attr_len = cred_len + 4;
 		wps->wps->cred_cb(wps->wps->cb_ctx, &wps->cred);
+		wps->cred.cred_attr = NULL;
+		wps->cred.cred_attr_len = 0;
+	}
 
 	return 0;
 }
@@ -661,7 +666,8 @@ static int wps_process_creds(struct wps_data *wps, const u8 *cred[],
 
 
 static int wps_process_ap_settings_e(struct wps_data *wps,
-				     struct wps_parse_attr *attr)
+				     struct wps_parse_attr *attr,
+				     struct wpabuf *attrs)
 {
 	struct wps_credential cred;
 
@@ -674,8 +680,11 @@ static int wps_process_ap_settings_e(struct wps_data *wps,
 	wpa_printf(MSG_INFO, "WPS: Received new AP configuration from "
 		   "Registrar");
 
-	if (wps->wps->cred_cb)
+	if (wps->wps->cred_cb) {
+		cred.cred_attr = wpabuf_head(attrs);
+		cred.cred_attr_len = wpabuf_len(attrs);
 		wps->wps->cred_cb(wps->wps->cb_ctx, &cred);
+	}
 
 	return 0;
 }
@@ -904,7 +913,7 @@ static enum wps_process_res wps_process_m8(struct wps_data *wps,
 	    wps_process_key_wrap_auth(wps, decrypted, eattr.key_wrap_auth) ||
 	    wps_process_creds(wps, eattr.cred, eattr.cred_len,
 			      eattr.num_cred) ||
-	    wps_process_ap_settings_e(wps, &eattr)) {
+	    wps_process_ap_settings_e(wps, &eattr, decrypted)) {
 		wpabuf_free(decrypted);
 		wps->state = SEND_WSC_NACK;
 		return WPS_CONTINUE;
diff --git a/wpa_supplicant/wps_supplicant.c b/wpa_supplicant/wps_supplicant.c
index a69dfecda..fb1d83322 100644
--- a/wpa_supplicant/wps_supplicant.c
+++ b/wpa_supplicant/wps_supplicant.c
@@ -58,6 +58,9 @@ static int wpa_supplicant_wps_cred(void *ctx,
 
 	wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_CRED_RECEIVED);
 
+	wpa_hexdump_key(MSG_DEBUG, "WPS: Received Credential attribute",
+			cred->cred_attr, cred->cred_attr_len);
+
 	if (cred->auth_type != WPS_AUTH_OPEN &&
 	    cred->auth_type != WPS_AUTH_SHARED &&
 	    cred->auth_type != WPS_AUTH_WPAPSK &&