diff --git a/vendor/magento/module-backend/App/Action/Plugin/Authentication.php b/vendor/magento/module-backend/App/Action/Plugin/Authentication.php
index 8227966e43f63..0cdd9f12107ce 100644
--- a/vendor/magento/module-backend/App/Action/Plugin/Authentication.php
+++ b/vendor/magento/module-backend/App/Action/Plugin/Authentication.php
@@ -102,6 +102,8 @@ public function __construct(
     }

     /**
+     * Ensures user is authenticated before accessing backend action controllers.
+     *
      * @param \Magento\Backend\App\AbstractAction $subject
      * @param \Closure $proceed
      * @param \Magento\Framework\App\RequestInterface $request
@@ -225,10 +227,9 @@ protected function _redirectIfNeededAfterLogin(\Magento\Framework\App\RequestInt

         // Checks, whether secret key is required for admin access or request uri is explicitly set
         if ($this->_url->useSecretKey()) {
-            $requestParts = explode('/', trim($request->getRequestUri(), '/'), 3);
-            $baseUrlPath = trim(parse_url($this->backendUrl->getBaseUrl(), PHP_URL_PATH), '/');
-            $routeIndex = empty($baseUrlPath) ? 0 : 1;
-            $requestUri = $this->_url->getUrl($requestParts[$routeIndex]);
+            // The requested URL has an invalid secret key and therefore redirecting to this URL
+            // will cause a security vulnerability.
+            $requestUri = $this->_url->getUrl($this->_url->getStartupPageUrl());
         } elseif ($request) {
             $requestUri = $request->getRequestUri();
         }