diff --git a/domain-server/resources/web/settings/js/settings.js b/domain-server/resources/web/settings/js/settings.js
index dfdfeded04..e17a886e10 100644
--- a/domain-server/resources/web/settings/js/settings.js
+++ b/domain-server/resources/web/settings/js/settings.js
@@ -870,7 +870,7 @@ function saveSettings() {
   // check if we've set the basic http password - if so convert it to base64
   if (formJSON["security"]) {
     var password = formJSON["security"]["http_password"];
-    if (password.length > 0) {
+    if (password && password.length > 0) {
       formJSON["security"]["http_password"] = sha256_digest(password);
     }
   }
diff --git a/domain-server/src/DomainServer.cpp b/domain-server/src/DomainServer.cpp
index 4ff3564e72..16928f3dee 100644
--- a/domain-server/src/DomainServer.cpp
+++ b/domain-server/src/DomainServer.cpp
@@ -1678,10 +1678,12 @@ bool DomainServer::isAuthenticatedRequest(HTTPConnection* connection, const QUrl
                     // we've pulled a username and password - now check if there is a match in our basic auth hash
                     QString settingsUsername = valueForKeyPath(settingsMap, BASIC_AUTH_USERNAME_KEY_PATH)->toString();
                     const QVariant* settingsPasswordVariant = valueForKeyPath(settingsMap, BASIC_AUTH_PASSWORD_KEY_PATH);
+
                     QString settingsPassword = settingsPasswordVariant ? settingsPasswordVariant->toString() : "";
                     QString hexHeaderPassword = QCryptographicHash::hash(headerPassword.toUtf8(), QCryptographicHash::Sha256).toHex();
 
-                    if (settingsUsername == headerUsername && hexHeaderPassword == settingsPassword) {
+                    if (settingsUsername == headerUsername
+                        && (settingsPassword.isEmpty() || hexHeaderPassword == settingsPassword)) {
                         return true;
                     }
                 }