Comment 5 for bug 460499

"Invalid error. Bug in server software: error <%s/> not defined in section 6.4 SASL Errors of RFC 3920. Please consider reporting this bug to your server administrator."

Just popping up this error would be even easier to implement I think.
I'll do as you suggested.

However, also in the Login.tcl I found this comment:
                # Added 'bad-auth' which seems to be a ejabberd anachronism.
                set errcode [string map {bad-auth not-authorized} $errcode]

so it is mapping bad-auth to not-authorized.

According to the RFC you referenced, bad-auth is A) also not mentioned there, and B) my ejabberd server sends not-authorized. So I guess this bad-auth was for older versions of ejabberd?
I'd say this mapping should also be removed, what do you think?