diff --git a/cas_server/tests/test_utils.py b/cas_server/tests/test_utils.py
index d0199ce..79c3cb2 100644
--- a/cas_server/tests/test_utils.py
+++ b/cas_server/tests/test_utils.py
@@ -131,8 +131,12 @@ class CheckPasswordCase(TestCase):
 with self.assertRaises(utils.LdapHashUserPassword.BadHash):
 utils.check_password("ldap", self.password1, b"TOTOssdsdsd", "utf8")
 for scheme in schemes_salt:
+ # bad length
 with self.assertRaises(utils.LdapHashUserPassword.BadHash):
 utils.check_password("ldap", self.password1, scheme + b"dG90b3E8ZHNkcw==", "utf8")
+ # bad base64
+ with self.assertRaises(utils.LdapHashUserPassword.BadHash):
+ utils.check_password("ldap", self.password1, scheme + b"dG90b3E8ZHNkcw", "utf8")
 
 def test_hex(self):
 """test all the hex_HASH method: the hashed password is a simple hash of the password"""
diff --git a/cas_server/utils.py b/cas_server/utils.py
index 23f7b14..c94ddf5 100644
--- a/cas_server/utils.py
+++ b/cas_server/utils.py
@@ -28,6 +28,7 @@ import six
 import requests
 import time
 import logging
+import binascii
 from importlib import import_module
 from datetime import datetime, timedelta
 
@@ -563,7 +564,7 @@ class LdapHashUserPassword(object):
 else:
 try:
 hashed_passord = base64.b64decode(hashed_passord[len(scheme):])
- except TypeError as error:
+ except (TypeError, binascii.Error) as error:
 raise cls.BadHash("Bad base64: %s" % error)
 if len(hashed_passord) < cls._schemes_to_len[scheme]:
 raise cls.BadHash("Hash too short for the scheme %s" % scheme)
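Review bot: The new `# bad base64` case asserts the same `BadHash` type as the `# bad length` case just above it, so the test cannot tell whether the decode itself failed or whether the decoded value merely came out too short — both paths raise `BadHash` in utils.py. Pin the branch on the message instead, e.g. `six.assertRaisesRegex(self, utils.LdapHashUserPassword.BadHash, "Bad base64")` (utils.py already imports six, so this stays Python 2 compatible). Note also that `b"dG90b3E8ZHNkcw"` only exercises the incorrect-padding path: with the default `validate=False`, `base64.b64decode` silently discards non-alphabet bytes, so an input like `scheme + b"dG90b3E8Z!!HNkcw=="` would decode cleanly and never reach the `Bad base64` branch — worth a second case or a comment if that is the intended contract. The enclosing test method starts before this hunk.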
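Review bot: On Python 3 `binascii.Error` is a subclass of `ValueError`, and `base64.b64decode` can also raise a plain `ValueError` ("string argument should contain only ASCII characters") when handed a `str` containing non-ASCII characters, which would escape this handler as an unhandled exception instead of being reported as `BadHash`. Catching `except (TypeError, ValueError) as error:` covers the padding error and that case while remaining valid on Python 2. Whether `hashed_passord` can reach this point as `str` rather than `bytes` is not visible in the hunk (the accompanying tests pass bytes), so confirm before widening the clause. Separately, the default `validate=False` means non-alphabet bytes are silently dropped rather than rejected, so "Bad base64" only fires on padding problems; `validate=True` is Python 3-only, so stricter checking would need a six-guarded call. The enclosing method starts and ends outside this hunk.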