diff --git a/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/token/OAuth2TokenEndpoint.java b/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/token/OAuth2TokenEndpoint.java
index 8a5dc235e7..4fff3dd9d5 100644
--- a/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/token/OAuth2TokenEndpoint.java
+++ b/components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/token/OAuth2TokenEndpoint.java
@@ -92,6 +92,11 @@ public Response issueAccessToken(@Context HttpServletRequest request,
 return handleBasicAuthFailure();
 }
+ //If a client sends an invalid base64 encoded clientid:clientsecret value, it results in this
+ //array to only contain 1 element. This happens on specific errors though.
+ if(clientCredentials == null || clientCredentials.length < 2){
+ return handleBasicAuthFailure();
+ }
 // add the credentials available in Authorization header to the parameter map
 paramMap.add(OAuth.OAUTH_CLIENT_ID, clientCredentials[0]);
 paramMap.add(OAuth.OAUTH_CLIENT_SECRET, clientCredentials[1]);
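Review bot: The added guard is the right defensive check before indexing `clientCredentials[0]` and `[1]`, but its formatting and comment style differ from the surrounding code: the condition lacks the spaces the file's other statements use and the new comments omit the space after `//`, unlike the existing `// add the credentials` comment two lines below. Write it as `if (clientCredentials == null || clientCredentials.length < 2) {` and reword the comment to state the contract rather than "This happens on specific errors though", e.g. `// A malformed or non-base64 Basic credential may decode to fewer than two parts; treat it as an auth failure.`. Returning `handleBasicAuthFailure()` for the malformed case as well as the earlier failure path keeps the response uniform, so a caller cannot tell a malformed header from wrong credentials, which is the desirable behavior here. One thing to confirm outside this hunk: if the helper that produced `clientCredentials` splits on every `:`, a client secret containing a colon would yield more than two elements and only the first fragment would reach `OAUTH_CLIENT_SECRET`; the `< 2` check would not catch that. The enclosing `issueAccessToken` method begins and ends outside this hunk.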