diff --git a/Net/src/HTTPNTLMCredentials.cpp b/Net/src/HTTPNTLMCredentials.cpp
index 11fce2af4..4ecbe9528 100644
--- a/Net/src/HTTPNTLMCredentials.cpp
+++ b/Net/src/HTTPNTLMCredentials.cpp
@@ -117,6 +117,7 @@ std::string HTTPNTLMCredentials::createNTLMMessage(const std::string& responseAu
 	else
 	{
 		std::vector<unsigned char> buffer = NTLMCredentials::fromBase64(responseAuthParams);
+		if (buffer.empty()) throw HTTPException("Invalid NTLM challenge");
 		NTLMCredentials::ChallengeMessage challengeMsg;
 		if (NTLMCredentials::parseChallengeMessage(&buffer[0], buffer.size(), challengeMsg))
 		{
diff --git a/Net/src/SMTPClientSession.cpp b/Net/src/SMTPClientSession.cpp
index 16220c10d..bf29b564f 100644
--- a/Net/src/SMTPClientSession.cpp
+++ b/Net/src/SMTPClientSession.cpp
@@ -254,7 +254,8 @@ void SMTPClientSession::loginUsingNTLM(const std::string& username, const std::s
 	int status = sendCommand("AUTH NTLM", NTLMCredentials::toBase64(negotiateBuf), response);
 	if (status == 334)
 	{
-		std::vector<unsigned char> buffer = NTLMCredentials::fromBase64(response);
+		std::vector<unsigned char> buffer = NTLMCredentials::fromBase64(response.substr(4));
+		if (buffer.empty()) throw SMTPException("Invalid NTLM challenge");
 		NTLMCredentials::ChallengeMessage challengeMsg;
 		if (NTLMCredentials::parseChallengeMessage(&buffer[0], buffer.size(), challengeMsg))
 		{