diff --git a/internal/dataprovider/share.go b/internal/dataprovider/share.go
index 7e8a4798..06f6c915 100644
--- a/internal/dataprovider/share.go
+++ b/internal/dataprovider/share.go
@@ -89,6 +89,11 @@ func (s *Share) GetAllowedFromAsString() string {
 	return strings.Join(s.AllowFrom, ",")
 }
 
+// IsPasswordHashed returns true if the password is hashed
+func (s *Share) IsPasswordHashed() bool {
+	return util.IsStringPrefixInSlice(s.Password, hashPwdPrefixes)
+}
+
 func (s *Share) getACopy() Share {
 	allowFrom := make([]string, len(s.AllowFrom))
 	copy(allowFrom, s.AllowFrom)
diff --git a/internal/httpd/webclient.go b/internal/httpd/webclient.go
index 5cb58ac8..ffb3a1b3 100644
--- a/internal/httpd/webclient.go
+++ b/internal/httpd/webclient.go
@@ -706,6 +706,9 @@ func (s *httpdServer) renderAddUpdateSharePage(w http.ResponseWriter, r *http.Re
 		currentURL = fmt.Sprintf("%v/%v", webClientSharePath, url.PathEscape(share.ShareID))
 		title = util.I18nShareUpdateTitle
 	}
+	if share.IsPasswordHashed() {
+		share.Password = redactedSecret
+	}
 	data := clientSharePage{
 		baseClientPage: s.getBaseClientPageData(title, currentURL, w, r),
 		Share:          share,
@@ -1437,7 +1440,6 @@ func (s *httpdServer) handleClientUpdateShareGet(w http.ResponseWriter, r *http.
 	shareID := getURLParam(r, "id")
 	share, err := dataprovider.ShareExists(shareID, claims.Username)
 	if err == nil {
-		share.HideConfidentialData()
 		s.renderAddUpdateSharePage(w, r, &share, nil, false)
 	} else if errors.Is(err, util.ErrNotFound) {
 		s.renderClientNotFoundPage(w, r, err)