diff --git a/app/models/ability.rb b/app/models/ability.rb
index 04d820544..08fc5ac54 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -54,7 +54,11 @@ class Ability
 can(:delete, Epp::Domain) { |d, pw| d.registrar_id == @user.registrar_id || d.transfer_code == pw }
 # Epp::Contact
- can(:info, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id || pw.blank? ? true : c.auth_info == pw }
+ can(:info, Epp::Contact) do |c, pw|
+ c.registrar_id == @user.registrar_id ||
+ pw.blank? ? true : c.auth_info == pw ||
+ c.transferred_passwords.include?(pw)
+ end
 can(:view_full_info, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id || c.auth_info == pw }
 can(:check, Epp::Contact)
 can(:create, Epp::Contact)
diff --git a/app/models/epp/contact.rb b/app/models/epp/contact.rb
index 35691d789..5f694b085 100644
--- a/app/models/epp/contact.rb
+++ b/app/models/epp/contact.rb
@@ -16,6 +16,10 @@ class Epp::Contact < Contact
 throw(:abort)
 end
+ def transferred_passwords
+ domains.pluck(:transfer_code)
+ end
+
 class << self
 # support legacy search
 def find_by_epp_code(code)
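Review bot: The line layout of the new `can(:info, Epp::Contact)` block hides how Ruby parses it: `||` binds tighter than `? :`, so the rule evaluates as `(own registrar || pw.blank?) ? true : (c.auth_info == pw || c.transferred_passwords.include?(pw))`. An empty password therefore satisfies `:info` for a contact of any registrar; the removed one-liner behaved the same, so this is probably intended, but the indentation reads as if `pw.blank?` only guarded the `auth_info` comparison. Writing the rule as a flat chain states the same policy without the ternary: `c.registrar_id == @user.registrar_id || pw.blank? || c.auth_info == pw || c.transferred_passwords.include?(pw)`, ideally with a comment such as `# an empty password is sufficient for :info; :view_full_info below requires a match`. The neighbouring `:view_full_info` rule does not accept domain transfer codes, and if that difference is deliberate the comment should say so. The enclosing method of class Ability starts and ends outside this hunk.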
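Review bot: `transferred_passwords` can hand back nil or empty entries, because it plucks the raw `transfer_code` column of every linked domain; whether a domain can exist without a code is not visible here. The only caller in this commit reaches `include?(pw)` after `pw.blank?` has already been handled, but a later caller without that guard would get a match on a nil password. Filtering at the source removes that trap: `domains.pluck(:transfer_code).reject(&:blank?)`. The method also deserves a short comment saying that it returns the current transfer secrets of the contact's domains, used only for authorization comparison and never to be logged or serialized, since the name suggests historical contact passwords. The surrounding class body continues outside the hunk.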