diff --git a/src/main/java/eu/siacs/conversations/crypto/sasl/ScramMechanism.java b/src/main/java/eu/siacs/conversations/crypto/sasl/ScramMechanism.java
index 9fc6dff754f605cff3cc2d16b80cad724f47c603..6d8d7bb7b5002569c4656b8d9120e7b6d8d826af 100644
--- a/src/main/java/eu/siacs/conversations/crypto/sasl/ScramMechanism.java
+++ b/src/main/java/eu/siacs/conversations/crypto/sasl/ScramMechanism.java
@@ -41,6 +41,10 @@ public abstract class ScramMechanism extends SaslMechanism {
 }
 };
 
+ // For the SCRAM-SHA-1/SCRAM-SHA-1-PLUS SASL mechanism, servers SHOULD announce a hash
+ // iteration-count of at least 4096.
+ // https://datatracker.ietf.org/doc/html/rfc5802#section-5.1
+ private static final int ITERATION_COUNT_MINIMUM = 4096;
 private static final byte[] CLIENT_KEY_BYTES = "Client Key".getBytes();
 private static final byte[] SERVER_KEY_BYTES = "Server Key".getBytes();
 private static final Cache CACHE =
@@ -188,6 +192,14 @@ public abstract class ScramMechanism extends SaslMechanism {
 if (iterationCount == null || iterationCount < 0) {
 throw new AuthenticationException("Server did not send iteration count");
 }
+
+ if (iterationCount < ITERATION_COUNT_MINIMUM) {
+ throw new AuthenticationException(
+ String.format(
+ "Weak iteration count. %d instead of %d",
+ iterationCount, ITERATION_COUNT_MINIMUM));
+ }
+
 if (!nonce.startsWith(clientNonce)) {
 throw new AuthenticationException(
 "Server nonce does not contain client nonce: " + nonce);
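Review bot: The comment above `ITERATION_COUNT_MINIMUM` names only SCRAM-SHA-1 and SCRAM-SHA-1-PLUS, but the constant is declared in the abstract `ScramMechanism` base class, so the floor presumably applies to every mechanism derived from it (the subclasses are not visible in this hunk). The comment also quotes a SHOULD addressed to servers without saying that the client turns it into a hard failure. I would reword it along the lines of `// Lowest server-announced iteration count this client accepts, for every SCRAM variant built on this class.` followed by `// RFC 5802 section 5.1 states 4096 as a SHOULD for servers; rejecting lower values is deliberate client-side hardening.`, keeping the existing link.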
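Review bot: The new guard bounds the server-supplied iteration count only from below, and no upper limit is visible in this hunk, so a misbehaving or impersonated server could announce a very large count and keep the client busy in key derivation before authentication can fail. Consider adding a ceiling next to the floor, for example `if (iterationCount > ITERATION_COUNT_MAXIMUM) { throw new AuthenticationException("Iteration count too high"); }`, where `ITERATION_COUNT_MAXIMUM` is a new constant whose value the project would choose. On style, `String.format` here uses the default locale, which can render `%d` with non-Latin digits on some devices; passing `Locale.ROOT` keeps the message stable in logs. The enclosing method starts and ends outside the hunk, so a later check may already cover the ceiling.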