diff --git a/src/controllers/write/users.js b/src/controllers/write/users.js
index 74f358c2f7..f571e27fb4 100644
--- a/src/controllers/write/users.js
+++ b/src/controllers/write/users.js
@@ -29,7 +29,7 @@ Users.update = async (req, res) => {
 	const [isAdminOrGlobalMod, canEdit, passwordMatch] = await Promise.all([
 		user.isAdminOrGlobalMod(req.user.uid),
 		privileges.users.canEdit(req.user.uid, req.params.uid),
-		user.isPasswordCorrect(req.body.uid, req.body.password, req.ip),
+		req.body.password ? user.isPasswordCorrect(req.body.uid, req.body.password, req.ip) : false,
 	]);
 
 	// Changing own email/username requires password confirmation