diff --git a/test/unit/node/util.test.ts b/test/unit/node/util.test.ts
index 1455a7e07..e37aeac92 100644
--- a/test/unit/node/util.test.ts
+++ b/test/unit/node/util.test.ts
@@ -349,6 +349,22 @@ describe("isCookieValid", () => {
     })
     expect(isValid).toBe(false)
   })
+  it("should return false and empty string as hashedPassword when passwordMethod is invalid", async () => {
+    const p = "password1"
+    const passwordValidation = await util.handlePasswordValidation({
+      // @ts-expect-error although this shouldn't ever happen, it ensures the default case in this function
+      // works as expected.
+      passwordMethod: "INVALID",
+      passwordFromRequestBody: p,
+      passwordFromArgs: undefined,
+      hashedPasswordFromArgs: undefined,
+    })
+
+    const matchesHash = await util.isHashMatch(p, passwordValidation.hashedPassword)
+
+    expect(passwordValidation.isPasswordValid).toBe(false)
+    expect(matchesHash).toBe(false)
+  })
 })
 
 describe("sanitizeString", () => {