diff --git a/lib/private/share/share.php b/lib/private/share/share.php
index 41b60ecc638..c0285125234 100644
--- a/lib/private/share/share.php
+++ b/lib/private/share/share.php
@@ -737,6 +737,7 @@ class Share extends Constants {
 
 				// Generate hash of password - same method as user passwords
 				if (!empty($shareWith)) {
+					self::verifyPassword($shareWith);
 					$shareWith = \OC::$server->getHasher()->hash($shareWith);
 				} else {
 					// reuse the already set password, but only if we change permissions
@@ -1218,7 +1219,7 @@ class Share extends Constants {
 	}
 
 	/**
-	 * Set expiration date for a share
+	 * Set password for a public link share
 	 *
 	 * @param IUserSession $userSession
 	 * @param IDBConnection $connection
@@ -1252,6 +1253,8 @@ class Share extends Constants {
 			throw new \Exception('Cannot remove password');
 		}
 
+		self::verifyPassword($password);
+
 		$qb = $connection->getQueryBuilder();
 		$qb->update('*PREFIX*share')
 			->set('share_with', $qb->createParameter('pass'))
@@ -2604,4 +2607,23 @@ class Share extends Constants {
 		$result = \OC::$server->getDatabaseConnection()->executeQuery($query, [$id]);
 		return $result->fetchAll();
 	}
+
+	/**
+	 * @param string $password
+	 * @throws \Exception
+	 */
+	private static function verifyPassword($password) {
+
+		$accepted = true;
+		$message = '';
+		\OCP\Util::emitHook('\OC\Share', 'verifyPassword', [
+			'password' => $password,
+			'accepted' => &$accepted,
+			'message' => &$message
+		]);
+
+		if (!$accepted) {
+			throw new \Exception($message);
+		}
+	}
 }
diff --git a/lib/public/share.php b/lib/public/share.php
index 86e6deb9194..0f5c68c576d 100644
--- a/lib/public/share.php
+++ b/lib/public/share.php
@@ -344,7 +344,7 @@ class Share extends \OC\Share\Constants {
 	}
 
 	/**
-	 * Set expiration date for a share
+	 * Set password for a public link share
 	 * @param int $shareId
 	 * @param string $password
 	 * @return boolean