Diffstat (limited to 'core')
-rw-r--r-- | core/Service/LoginFlowV2Service.php | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/core/Service/LoginFlowV2Service.php b/core/Service/LoginFlowV2Service.php
index 74fe7fa0ac9..13bd18e0ffa 100644
--- a/core/Service/LoginFlowV2Service.php
+++ b/core/Service/LoginFlowV2Service.php
@@ -63,8 +63,12 @@ class LoginFlowV2Service {
 try {
 // Decrypt the apptoken
 $privateKey = $this->crypto->decrypt($data->getPrivateKey(), $pollToken);
- $appPassword = $this->decryptPassword($data->getAppPassword(), $privateKey);
- } catch (\Exception $e) {
+ } catch (\Exception) {
+ throw new LoginFlowV2NotFoundException('Apptoken could not be decrypted');
+ }
+
+ $appPassword = $this->decryptPassword($data->getAppPassword(), $privateKey);
+ if ($appPassword === null) {
 throw new LoginFlowV2NotFoundException('Apptoken could not be decrypted');
 }
 
@@ -251,10 +255,10 @@ class LoginFlowV2Service {
 return $encryptedPassword;
 }
 
- private function decryptPassword(string $encryptedPassword, string $privateKey): string {
+ private function decryptPassword(string $encryptedPassword, string $privateKey): ?string {
 $encryptedPassword = base64_decode($encryptedPassword);
 
- openssl_private_decrypt($encryptedPassword, $password, $privateKey, OPENSSL_PKCS1_OAEP_PADDING);
+ $success = openssl_private_decrypt($encryptedPassword, $password, $privateKey, OPENSSL_PKCS1_OAEP_PADDING);
 
- return $password;
+ return $success ? $password : null;
 }
 }
|
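Review bot: Both failure branches in this hunk, the `catch (\Exception)` and the new `if ($appPassword === null)`, discard the cause without leaving any server-side trace. Keeping the client-facing message identical in both is right, since it gives the caller no way to tell which decryption step failed. Operators lose the same distinction, though, so repeated failed polls cannot be told apart from corrupted stored data. Consider writing a log entry in each branch before the throw, using whatever logger the class already has (none is visible in this hunk), without including the poll token or key material. The enclosing method starts and ends outside the hunk, so any logging that happens earlier in it is not visible here.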
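Review bot: When `openssl_private_decrypt()` fails in `decryptPassword()`, its entries stay on OpenSSL's error queue, so a later, unrelated `openssl_error_string()` reader in the same request would pick up stale errors. Draining the queue in the failure path keeps that state local, for example `while (openssl_error_string() !== false) {}` before returning null. The nullable return also deserves a one-line docblock such as `/** @return string|null decrypted app password, or null when RSA decryption fails */`, so future callers know null must be handled.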