diff --git a/typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php b/typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php
index 5e8e3955f0fdb12ee43f27013201c173b5b6282f..bbd7c8a5aa035e47ab82b643b998664c72f449dc 100644
--- a/typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php
+++ b/typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php
@@ -517,7 +517,8 @@ abstract class AbstractUserAuthentication implements LoggerAwareInterface
             $subType = 'getUser' . $this->loginType;
             /** @var AuthenticationService $serviceObj */
             foreach ($this->getAuthServices($subType, $loginData, $authInfo) as $serviceObj) {
-                if ($row = $serviceObj->getUser()) {
+                $row = $serviceObj->getUser();
+                if (is_array($row)) {
                     $tempuserArr[] = $row;
                     $this->logger->debug('User found', [
                         $this->userid_column => $row[$this->userid_column],
@@ -542,14 +543,17 @@ abstract class AbstractUserAuthentication implements LoggerAwareInterface
 
         // If no new user was set we use the already found user session
         if (empty($tempuserArr) && $haveSession && !$anonymousSession) {
-            $tempuserArr[] = $authInfo['user'];
-            $tempuser = $authInfo['user'];
-            // User is authenticated because we found a user session
-            $authenticated = true;
-            $this->logger->debug('User session used', [
-                $this->userid_column => $authInfo['user'][$this->userid_column],
-                $this->username_column => $authInfo['user'][$this->username_column],
-            ]);
+            // Check if the previous services returned a proper user
+            if (is_array($authInfo['user'] ?? null)) {
+                $tempuserArr[] = $authInfo['user'];
+                $tempuser = $authInfo['user'];
+                // User is authenticated because we found a user session
+                $authenticated = true;
+                $this->logger->debug('User session used', [
+                    $this->userid_column => $authInfo['user'][$this->userid_column] ?? '',
+                    $this->username_column => $authInfo['user'][$this->username_column] ?? '',
+                ]);
+            }
         }
         // Re-auth user when 'auth'-service option is set
         if (!empty($authConfiguration[$this->loginType . '_alwaysAuthUser'])) {
@@ -595,7 +599,7 @@ abstract class AbstractUserAuthentication implements LoggerAwareInterface
             // Insert session record if needed:
             if (!$haveSession
                 || $anonymousSession
-                || (int)$tempuser['uid'] !== $this->userSession->getUserId()
+                || (int)($tempuser['uid'] ?? 0) !== $this->userSession->getUserId()
             ) {
                 $sessionData = $this->userSession->getData();
                 // Create a new session with a fixated user
diff --git a/typo3/sysext/frontend/Classes/Authentication/FrontendUserAuthentication.php b/typo3/sysext/frontend/Classes/Authentication/FrontendUserAuthentication.php
index a45529da8c9c129c39f2ef56c78a36df87992196..96ce62aafc22c1995b4944fc0270a86874be1df0 100644
--- a/typo3/sysext/frontend/Classes/Authentication/FrontendUserAuthentication.php
+++ b/typo3/sysext/frontend/Classes/Authentication/FrontendUserAuthentication.php
@@ -300,10 +300,10 @@ class FrontendUserAuthentication extends AbstractUserAuthentication
         }
         foreach ($groupDataArr as $groupData) {
             $groupId = (int)$groupData['uid'];
-            $this->groupData['title'][$groupId] = $groupData['title'];
-            $this->groupData['uid'][$groupId] = $groupData['uid'];
-            $this->groupData['pid'][$groupId] = $groupData['pid'];
-            $this->TSdataArray[] = $groupData['TSconfig'];
+            $this->groupData['title'][$groupId] = $groupData['title'] ?? '';
+            $this->groupData['uid'][$groupId] = $groupData['uid'] ?? 0;
+            $this->groupData['pid'][$groupId] = $groupData['pid'] ?? 0;
+            $this->TSdataArray[] = $groupData['TSconfig'] ?? '';
             $this->userGroups[$groupId] = $groupData;
         }
         $this->TSdataArray[] = $this->user['TSconfig'] ?? '';
@@ -487,7 +487,7 @@ class FrontendUserAuthentication extends AbstractUserAuthentication
         }
         switch ($type) {
             case 'user':
-                if ($this->user['uid']) {
+                if ($this->user['uid'] ?? 0) {
                     if ($data === null) {
                         unset($this->uc[$key]);
                     } else {
@@ -533,8 +533,8 @@ class FrontendUserAuthentication extends AbstractUserAuthentication
      */
     public function updateOnlineTimestamp()
     {
-        if (!is_array($this->user) || !$this->user['uid']
-            || $this->user['is_online'] >= $GLOBALS['EXEC_TIME'] - 60) {
+        if (!is_array($this->user) || !($this->user['uid'] ?? 0)
+            || ($this->user['is_online'] ?? 0) >= $GLOBALS['EXEC_TIME'] - 60) {
             return;
         }
         $dbConnection = GeneralUtility::makeInstance(ConnectionPool::class)->getConnectionForTable($this->user_table);