diff --git a/lib/private/Security/Crypto.php b/lib/private/Security/Crypto.php
index 04d618bf37399af2655888235267be73b3dd6565..876f159950c9c55f35eb9921f3ff48ca033a20a2 100644
--- a/lib/private/Security/Crypto.php
+++ b/lib/private/Security/Crypto.php
@@ -108,15 +108,16 @@ class Crypto implements ICrypto {
 	 * @param string $password Password to encrypt, if not specified the secret from config.php will be taken
 	 * @return string plaintext
 	 * @throws \Exception If the HMAC does not match
+	 * @throws \Exception If the decryption failed
 	 */
 	public function decrypt(string $authenticatedCiphertext, string $password = ''): string {
-		if($password === '') {
+		if ($password === '') {
 			$password = $this->config->getSystemValue('secret');
 		}
 		$this->cipher->setPassword($password);
 
 		$parts = explode('|', $authenticatedCiphertext);
-		if(\count($parts) !== 3) {
+		if (\count($parts) !== 3) {
 			throw new \Exception('Authenticated ciphertext could not be decoded.');
 		}
 
@@ -126,11 +127,16 @@ class Crypto implements ICrypto {
 
 		$this->cipher->setIV($iv);
 
-		if(!hash_equals($this->calculateHMAC($parts[0].$parts[1], $password), $hmac)) {
+		if (!hash_equals($this->calculateHMAC($parts[0] . $parts[1], $password), $hmac)) {
 			throw new \Exception('HMAC does not match.');
 		}
 
-		return $this->cipher->decrypt($ciphertext);
+		$result = $this->cipher->decrypt($ciphertext);
+		if ($result === false) {
+			throw new \Exception('Decryption failed');
+		}
+
+		return $result;
 	}
 
 }
diff --git a/lib/public/Security/ICrypto.php b/lib/public/Security/ICrypto.php
index ef5bd2bf7c9a4c5e8f9d5cbd3532c42401e31c2f..3e17d461b644a7e7b46a17f1d8ebc3cd4223ca25 100644
--- a/lib/public/Security/ICrypto.php
+++ b/lib/public/Security/ICrypto.php
@@ -60,6 +60,7 @@ interface ICrypto {
 	 * @param string $password Password to encrypt, if not specified the secret from config.php will be taken
 	 * @return string plaintext
 	 * @throws \Exception If the HMAC does not match
+	 * @throws \Exception If the decryption failed
 	 * @since 8.0.0
 	 */
 	public function decrypt(string $authenticatedCiphertext, string $password = ''): string;