diff --git a/server/package-lock.json b/server/package-lock.json
index 713f3011b..d1e5640dd 100644
--- a/server/package-lock.json
+++ b/server/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "@scrypted/server",
-  "version": "0.0.154",
+  "version": "0.0.155",
   "lockfileVersion": 2,
   "requires": true,
   "packages": {
     "": {
       "name": "@scrypted/server",
-      "version": "0.0.154",
+      "version": "0.0.155",
       "license": "ISC",
       "dependencies": {
         "@mapbox/node-pre-gyp": "^1.0.8",
diff --git a/server/package.json b/server/package.json
index 06483dca0..ee3eb0aba 100644
--- a/server/package.json
+++ b/server/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@scrypted/server",
-  "version": "0.0.154",
+  "version": "0.0.155",
   "description": "",
   "dependencies": {
     "@mapbox/node-pre-gyp": "^1.0.8",
diff --git a/server/src/scrypted-server-main.ts b/server/src/scrypted-server-main.ts
index d818c4c13..6baddd4ba 100644
--- a/server/src/scrypted-server-main.ts
+++ b/server/src/scrypted-server-main.ts
@@ -364,7 +364,6 @@ async function start() {
         const maxAge = 86400000;
 
         if (hasLogin) {
-
             const user = await db.tryGet(ScryptedUser, username);
             if (!user) {
                 res.send({
@@ -409,6 +408,14 @@ async function start() {
             return;
         }
 
+        if (!username || !password) {
+            res.send({
+                error: 'Username and password must not be empty.',
+                hasLogin,
+            });
+            return;
+        }
+
         const user = new ScryptedUser();
         user._id = username;
         user.salt = crypto.randomBytes(64).toString('base64');