diff --git a/server/routes/api/cron.ts b/server/routes/api/cron.ts
index 1d4a67b40..2b5fc67da 100644
--- a/server/routes/api/cron.ts
+++ b/server/routes/api/cron.ts
@@ -15,6 +15,8 @@ const cronHandler = async (ctx: Context) => {
 const { token, limit = 500 } = ctx.body as { token?: string; limit: number };
 if (
+ !token ||
+ token.length !== env.UTILS_SECRET.length ||
 !crypto.timingSafeEqual(
 Buffer.from(env.UTILS_SECRET),
 Buffer.from(String(token))
diff --git a/server/routes/api/hooks.ts b/server/routes/api/hooks.ts
index 28622a034..622714431 100644
--- a/server/routes/api/hooks.ts
+++ b/server/routes/api/hooks.ts
@@ -28,6 +28,7 @@ function verifySlackToken(token: string) {
 }
 if (
+ token.length !== env.SLACK_VERIFICATION_TOKEN.length ||
 !crypto.timingSafeEqual(
 Buffer.from(env.SLACK_VERIFICATION_TOKEN),
 Buffer.from(token)
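Review bot: The new guard `token.length !== env.UTILS_SECRET.length` in cron.ts compares UTF-16 string lengths, but `crypto.timingSafeEqual` throws when the two Buffers differ in byte length, so a token with multi-byte characters and a matching string length still reaches the call and raises instead of being rejected as unauthorized; the `token.length !== env.SLACK_VERIFICATION_TOKEN.length` guard in hooks.ts has the same gap. Compare encoded sizes instead, e.g. `Buffer.byteLength(token) !== Buffer.byteLength(env.UTILS_SECRET) ||` (and the equivalent with `env.SLACK_VERIFICATION_TOKEN` in hooks.ts). In cron.ts `token` is taken from `ctx.body` through a type cast only, so a non-string JSON value is not ruled out at runtime; adding `typeof token !== "string" ||` after `!token ||` would make the check total before any length is read. Both `if` conditions and their bodies continue past the end of the hunks, so how a thrown error would be surfaced to the caller is not visible here.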