diff --git a/app/src/main/java/org/skinner/RestAPI.java b/app/src/main/java/org/skinner/RestAPI.java
index 89e1e4b..202a210 100644
--- a/app/src/main/java/org/skinner/RestAPI.java
+++ b/app/src/main/java/org/skinner/RestAPI.java
@@ -244,6 +244,11 @@ public class RestAPI extends SafeHttpHandler {
 }
 String[] cerd = new String(Base64.getDecoder().decode(authParts[1])).split(":");
+ if (cerd.length != 2) {
+ text(exchange, 401, "Invalid cerdentials format");
+ return;
+ }
+
 Profile profile = Database.getProfileByName(cerd[0]);
 if (profile == null || !Profile.generateHash(cerd[1], profile.getSalt()).equals(profile.getPassword())) {
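Review bot: The new `cerd.length != 2` guard rejects every password that contains a `:`, because the decoded value is still split on all colons; in Basic credentials only the first colon separates user and password (RFC 7617), so the split on the line above should be limited, `.split(":", 2)`, with the length check kept for input that has no colon at all. That same line decodes with the platform charset and `Base64.Decoder.decode` throws `IllegalArgumentException` on malformed input; whether `SafeHttpHandler` maps that to a 4xx is not visible here and is worth confirming, and `new String(bytes, StandardCharsets.UTF_8)` would make the decoding deterministic. The response text has a typo and should read `"Invalid credentials format"`. The hash check in the following `if` uses `String.equals`, which is not constant-time; comparing the bytes with `MessageDigest.isEqual` is the usual choice. The enclosing method and that `if` block continue outside the hunk.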