diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 23eef094..e7eee46b 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -139,6 +139,8 @@ class SessionsController < ApplicationController
     ldap_config[:base] = ENV['LDAP_BASE']
     ldap_config[:uid] = ENV['LDAP_UID']
+    return redirect_to(ldap_signin_path, alert: I18n.t("invalid_credentials")) unless session_params[:password].present?
+
     result = send_ldap_request(params[:session], ldap_config)
     return redirect_to(ldap_signin_path, alert: I18n.t("invalid_credentials")) unless result
diff --git a/spec/controllers/sessions_controller_spec.rb b/spec/controllers/sessions_controller_spec.rb
index 38e078d1..abf0cdfc 100644
--- a/spec/controllers/sessions_controller_spec.rb
+++ b/spec/controllers/sessions_controller_spec.rb
@@ -591,5 +591,19 @@ describe SessionsController, type: :controller do
       expect(response).to redirect_to(ldap_signin_path)
       expect(flash[:alert]).to eq(I18n.t("invalid_credentials"))
     end
+
+    it "redirects to signin if no password provided" do
+      allow_any_instance_of(Net::LDAP).to receive(:bind_as).and_return(false)
+
+      post :ldap, params: {
+        session: {
+          user: "test",
+          password: '',
+        },
+      }
+
+      expect(response).to redirect_to(ldap_signin_path)
+      expect(flash[:alert]).to eq(I18n.t("invalid_credentials"))
+    end
   end
 end
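Review bot: The new guard reads the password from `session_params`, but the next line still hands the raw `params[:session]` to `send_ldap_request`, so the value that is checked and the value that is bound with come from two different sources; reading both from `session_params` (or passing `session_params` to `send_ldap_request`) keeps the check and the request aligned. The reason for the guard is the security point of the change and deserves a comment above the new line, e.g. `# An LDAP simple bind with an empty password is an unauthenticated bind, which a directory may report as success, so refuse it before contacting the server.` A blank `user` presumably leaves `bind_as` with an empty filter as well, so extending the guard to `unless session_params[:user].present? && session_params[:password].present?` is worth considering, depending on how `send_ldap_request` builds its filter (outside this hunk). The enclosing action starts and ends outside the hunk.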
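Review bot: The new example stubs `bind_as` to return `false`, so the expected redirect and flash would also occur without the controller guard, and the spec does not demonstrate that an empty password is rejected before the directory is contacted. Replacing the `allow_any_instance_of` line with `expect_any_instance_of(Net::LDAP).not_to receive(:bind_as)` (or stubbing a successful bind) makes the example fail if the guard is removed, which is what a regression test for this fix should do. The enclosing `describe` block starts outside the hunk.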