diff --git a/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.java
index c59246320d6..7810d678ed7 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2011 the original author or authors.
+ * Copyright 2002-2020 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -119,6 +119,11 @@ public boolean matches(CharSequence rawPassword, String encodedPassword) {
 return false;
 }
 
+ if(rawPassword.toString() == null || rawPassword.toString.length() == 0){
+ logger.warn("Empty raw password");
+ return false;
+ }
+
 return BCrypt.checkpw(rawPassword.toString(), encodedPassword);
 }
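Review bot: The added guard in `matches` does not compile and does not cover the null case it appears to target. `rawPassword.toString.length()` is missing the call parentheses, and `rawPassword.toString() == null` dereferences `rawPassword` before testing it, so a null argument still throws a NullPointerException instead of returning false. Test the CharSequence itself: `if (rawPassword == null || rawPassword.length() == 0) {`. Rejecting an empty raw password also changes behaviour for any stored hash of the empty string, which would have verified before; if `encode` (not visible in this hunk) still accepts empty input, that asymmetry deserves a line of Javadoc on `matches`. The method begins above the hunk, so the earlier checks on `encodedPassword` are only partly visible here.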