
PlaintextPasswordEncoder ignores null encoded passwords

Fixes gh-7023
Rob Winch 6 năm trước cách đây
commit
b2d4fec361

+ 3 - 0
core/src/main/java/org/springframework/security/authentication/encoding/PlaintextPasswordEncoder.java

@@ -51,6 +51,9 @@ public class PlaintextPasswordEncoder extends BasePasswordEncoder {
 	}
 
 	public boolean isPasswordValid(String encPass, String rawPass, Object salt) {
+		if (encPass == null) {
+			return false;
+		}
 		String pass1 = encPass + "";
 
 		// Strict delimiters is false because pass2 never persisted anywhere
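Review bot: With the new null guard in place, the `encPass + ""` concatenation on the following line no longer has a null to coerce and now obscures why the guard exists; `String pass1 = encPass;` would state what is meant. The guard itself deserves a comment, because its reason is not obvious from the code: `// A null stored password must never match: encPass + "" would yield the literal "null", which a raw password of "null" would equal.` The rest of isPasswordValid lies outside this hunk, so how a null rawPass is handled further down cannot be checked from here and is worth confirming.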

+ 6 - 0
core/src/test/java/org/springframework/security/authentication/encoding/PlaintextPasswordEncoderTests.java

@@ -70,4 +70,10 @@ public class PlaintextPasswordEncoderTests {
 		assertThat(demerged[0]).isEqualTo("password");
 		assertThat(demerged[1]).isEqualTo("foo");
 	}
+
+	@Test
+	public void testNull() {
+		PlaintextPasswordEncoder encoder = new PlaintextPasswordEncoder();
+		assertThat(encoder.isPasswordValid(null, "null", null)).isFalse();
+	}
 }
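Review bot: testNull pins only the raw password "null" with a null salt, so the guard's behaviour for other inputs against a null stored password is left unasserted. Adding `assertThat(encoder.isPasswordValid(null, null, null)).isFalse();` and `assertThat(encoder.isPasswordValid(null, "", null)).isFalse();` would show that an account with no stored password also rejects null and empty input. A name such as `isPasswordValidWhenEncodedPasswordNullThenFalse` would say what is under test, and a one-line comment referencing gh-7023 would explain why the literal "null" is the chosen raw value.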