diff --git a/source/de/anomic/http/httpd.java b/source/de/anomic/http/httpd.java
index 853f290d4..ec49fb8a1 100644
--- a/source/de/anomic/http/httpd.java
+++ b/source/de/anomic/http/httpd.java
@@ -303,6 +303,7 @@ public final class httpd implements serverHandler {
 //if (authorization.length() < 6) return 1; // no authentication information given
 //authorization = authorization.trim().substring(6);
 String adminAccountBase64MD5 = sw.getConfig(ADMIN_ACCOUNT_B64MD5, "");
+ if (adminAccountBase64MD5.length() == 0) return 2; // no passwrd stored
 if (adminAccountBase64MD5.equals(serverCodings.encodeMD5Hex(authorization))) return 4; // hard-authenticated, all ok
 return 0;
 }
diff --git a/source/de/anomic/plasma/plasmaSwitchboard.java b/source/de/anomic/plasma/plasmaSwitchboard.java
index 120b2b574..ab4e222de 100644
--- a/source/de/anomic/plasma/plasmaSwitchboard.java
+++ b/source/de/anomic/plasma/plasmaSwitchboard.java
@@ -2992,7 +2992,6 @@ public final class plasmaSwitchboard extends serverAbstractSwitch implements ser
 // authorization by encoded password, only for localhost access
 if ((((String) header.get("CLIENTIP", "")).equals("localhost")) && (adminAccountBase64MD5.equals(authorization))) return 3; // soft-authenticated for localhost
- if ((((String) header.get("CLIENTIP", "")).equals("localhost")) && (adminAccountBase64MD5.equals(""))) return 2; // no password set, yet. only for localhost
 // authorization by hit in userDB
 if (userDB.hasAdminRight((String) header.get(httpHeader.AUTHORIZATION, "xxxxxx"), ((String) header.get("CLIENTIP", "")), header.getHeaderCookies())) return 4; //return, because 4=max
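Review bot: The added `if (adminAccountBase64MD5.length() == 0) return 2;` in httpd.java carries no client-address condition, whereas the check this commit removes from plasmaSwitchboard.java returned 2 only when `CLIENTIP` equals `localhost`. The start of the enclosing method is outside the hunk, so an earlier localhost guard may exist; if it does not, a request from any address to an instance with no admin password stored would receive the level that was previously reserved for local access. I would either carry the localhost condition over to this line or state in a comment where that restriction is enforced, for example `// no password stored; level 2 must still be limited to localhost by <caller>`. The comment typo `passwrd` should read `password`.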