diff --git a/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha1.java b/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha1.java
index 10cd3167e583fb365e310f877989fb7faf40f405..c95a62df3c7d202497dc73f86b44c75c877a7d26 100644
--- a/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha1.java
+++ b/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha1.java
@@ -185,7 +185,7 @@ public class ScramSha1 extends SaslMechanism {
 			case RESPONSE_SENT:
 				final String clientCalculatedServerFinalMessage = "v=" +
 					Base64.encodeToString(serverSignature, Base64.NO_WRAP);
-				if (!clientCalculatedServerFinalMessage.equals(new String(Base64.decode(challenge, Base64.DEFAULT)))) {
+				if (challenge == null || !clientCalculatedServerFinalMessage.equals(new String(Base64.decode(challenge, Base64.DEFAULT)))) {
 					throw new AuthenticationException("Server final message does not match calculated final message");
 				}
 				state = State.VALID_SERVER_RESPONSE;