diff --git a/utils.py b/utils.py
index 87ed90028..5fe441d38 100644
--- a/utils.py
+++ b/utils.py
@@ -3969,7 +3969,7 @@ def check_bad_path(path: str):
 
     bad_strings = ('..', '/.', '%2e%2e', '%252e%252e',
                    '/sftp.', '/sftp-', '/statistics',
-                   '/config/', 'settings.')
+                   '/config/', 'settings.', 'credentials')
 
     # allow /.well-known/...
     if '/.' in path_lower: