diff --git a/api/middleware.go b/api/middleware.go
index 1ddc08e0f2d0e98fae26ed3b754f0b8aba101174..2301786381ab762dfe299aa4404ea7ec233a7a22 100644
--- a/api/middleware.go
+++ b/api/middleware.go
@@ -89,6 +89,12 @@ func (m *middleware) basicAuth(next http.Handler) http.Handler {
 			return
 		}
 
+		if username == "" || password == "" {
+			logger.Error("[API][BasicAuth] [ClientIP=%s] Empty username or password", clientIP)
+			json.Unauthorized(w, r)
+			return
+		}
+
 		if err := m.store.CheckPassword(username, password); err != nil {
 			logger.Error("[API][BasicAuth] [ClientIP=%s] Invalid username or password: %s", clientIP, username)
 			json.Unauthorized(w, r)