From 35c234560342f1ce5e259679a983d51cec0e2858 Mon Sep 17 00:00:00 2001
From: Yevhenii Dumskyi <yevhenii.dumskyi@gmail.com>
Date: Mon, 5 Nov 2018 14:34:03 +0200
Subject: [PATCH] Add additional check if password hash is empty in auth
 process

---
 app/code/Magento/Customer/Model/Authentication.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/code/Magento/Customer/Model/Authentication.php b/app/code/Magento/Customer/Model/Authentication.php
index 0967f1a0189e..b0729647d7ee 100644
--- a/app/code/Magento/Customer/Model/Authentication.php
+++ b/app/code/Magento/Customer/Model/Authentication.php
@@ -167,7 +167,7 @@ public function authenticate($customerId, $password)
     {
         $customerSecure = $this->customerRegistry->retrieveSecureData($customerId);
         $hash = $customerSecure->getPasswordHash();
-        if (!$this->encryptor->validateHash($password, $hash)) {
+        if (!$hash || !$this->encryptor->validateHash($password, $hash)) {
             $this->processAuthenticationFailure($customerId);
             if ($this->isLocked($customerId)) {
                 throw new UserLockedException(__('The account is locked.'));