diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index e7bfcf56407..65caf26aa5b 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -411,8 +411,19 @@ class Session implements IUserSession, Emitter {
 }
 
 if ($isTokenPassword) {
- $dbToken = $this->tokenProvider->getToken($password);
+ try {
+ $dbToken = $this->tokenProvider->getToken($password);
+ } catch (InvalidTokenException $ex) {
+ $this->handleLoginFailed($throttler, $currentDelay, $remoteAddress, $user, $password);
+ return false;
+ }
+
 $userFromToken = $this->manager->get($dbToken->getUID());
+ if ($userFromToken === null) {
+ $this->handleLoginFailed($throttler, $currentDelay, $remoteAddress, $user, $password);
+ return false;
+ }
+
 $isValidEmailLogin = $userFromToken->getEMailAddress() === $user
 && $this->validateTokenLoginName($userFromToken->getEMailAddress(), $dbToken);
 } else {
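Review bot: The new `catch (InvalidTokenException $ex)` around `getToken()` uses an unqualified class name, and the file's `use` block is outside this hunk; PHP raises no error for a catch type that does not resolve, it simply never matches, so confirm the import is present, otherwise the exception still escapes and the failed attempt is never passed to `handleLoginFailed`. Both new early returns would also read better with a why-comment, for example `// Token was rejected on lookup: treat it as a failed login attempt` above the first `handleLoginFailed` call and `// Token refers to a user that no longer exists` above the `$userFromToken === null` check. `$ex` is never used, so the reason the token was rejected is dropped at this point; whether `handleLoginFailed` records enough to tell the two failure cases apart during later triage cannot be seen from the hunk. The enclosing method starts and ends outside the hunk.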