diff --git a/src/Symfony/Component/Security/Http/EventListener/PasswordMigratingListener.php b/src/Symfony/Component/Security/Http/EventListener/PasswordMigratingListener.php
index 81d4c04838619..6b23a2367aa6d 100644
--- a/src/Symfony/Component/Security/Http/EventListener/PasswordMigratingListener.php
+++ b/src/Symfony/Component/Security/Http/EventListener/PasswordMigratingListener.php
@@ -50,6 +50,10 @@ public function onLoginSuccess(LoginSuccessEvent $event): void
         }
 
         $user = $passport->getUser();
+        if (null === $user->getPassword()) {
+            return;
+        }
+
         $passwordEncoder = $this->encoderFactory->getEncoder($user);
         if (!$passwordEncoder->needsRehash($user->getPassword())) {
             return;
diff --git a/src/Symfony/Component/Security/Http/Tests/EventListener/PasswordMigratingListenerTest.php b/src/Symfony/Component/Security/Http/Tests/EventListener/PasswordMigratingListenerTest.php
index 285472f037137..2d925fa220dc8 100644
--- a/src/Symfony/Component/Security/Http/Tests/EventListener/PasswordMigratingListenerTest.php
+++ b/src/Symfony/Component/Security/Http/Tests/EventListener/PasswordMigratingListenerTest.php
@@ -108,6 +108,16 @@ public function testUpgradeWithoutUpgrader()
         $this->listener->onLoginSuccess($event);
     }
 
+    public function testUserWithoutPassword()
+    {
+        $this->user = new User('test', null);
+
+        $this->encoderFactory->expects($this->never())->method('getEncoder');
+
+        $event = $this->createEvent(new SelfValidatingPassport(new UserBadge('test', function () { return $this->user; }), [new PasswordUpgradeBadge('pa$$word')]));
+        $this->listener->onLoginSuccess($event);
+    }
+
     private function createPasswordUpgrader()
     {
         return $this->createMock(MigratingUserProvider::class);