diff --git a/Classes/Controller/AbstractController.php b/Classes/Controller/AbstractController.php
index d41434ee2..83aecbbd0 100644
--- a/Classes/Controller/AbstractController.php
+++ b/Classes/Controller/AbstractController.php
@@ -469,7 +469,7 @@ protected function redirectByAction(
     protected function isSpoof(User $user, int $uid, string $receivedToken): bool
     {
         $errorOnProfileUpdate = false;
-        $knownToken = GeneralUtility::hmac((string)$user->getUid(), (string)$user->getCrdate()->getTimestamp());
+        $knownToken = GeneralUtility::hmac((string)$user->getUid(), (string)($user->getCrdate() ?: new \DateTime('01.01.1970'))->getTimestamp());
 
         //check if the params are valid
         if (!is_string($receivedToken) || !hash_equals($knownToken, $receivedToken)) {
diff --git a/Classes/Controller/EditController.php b/Classes/Controller/EditController.php
index a5ff7613e..9b9cf4e59 100644
--- a/Classes/Controller/EditController.php
+++ b/Classes/Controller/EditController.php
@@ -39,7 +39,7 @@ public function editAction(): ResponseInterface
         if ($this->user) {
             $token = GeneralUtility::hmac(
                 (string)$this->user->getUid(),
-                (string)$this->user->getCrdate()->getTimestamp()
+                (string)($this->user->getCrdate() ?: new \DateTime('01.01.1970'))->getTimestamp()
             );
         }
         $this->view->assignMultiple([
diff --git a/Classes/Domain/Model/User.php b/Classes/Domain/Model/User.php
index aebb7ed8d..d11befc57 100644
--- a/Classes/Domain/Model/User.php
+++ b/Classes/Domain/Model/User.php
@@ -565,10 +565,6 @@ public function setCrdate($crdate)
      */
     public function getCrdate()
     {
-        if ($this->crdate === null) {
-            // timestamp is zero
-            $this->crdate = new DateTime('01.01.1970');
-        }
         return $this->crdate;
     }