diff --git a/changelog/unreleased/fix-banned-password.md b/changelog/unreleased/fix-banned-password.md
new file mode 100644
index 0000000000..356b20ff19
--- /dev/null
+++ b/changelog/unreleased/fix-banned-password.md
@@ -0,0 +1,5 @@
+Bugfix: Fix an error message
+
+Capitalize an error message for Banned-Passwords List OCIS-3809
+
+https://github.com/cs3org/reva/pull/4216
diff --git a/go.mod b/go.mod
index 4a24c82634..0eac55bb18 100644
--- a/go.mod
+++ b/go.mod
@@ -42,6 +42,7 @@ require (
 	github.com/grpc-ecosystem/go-grpc-middleware v1.3.0
 	github.com/hashicorp/go-hclog v1.3.1
 	github.com/hashicorp/go-plugin v1.4.5
+	github.com/huandu/xstrings v1.3.2
 	github.com/iancoleman/strcase v0.2.0
 	github.com/jedib0t/go-pretty v4.3.0+incompatible
 	github.com/jellydator/ttlcache/v2 v2.11.1
@@ -147,7 +148,6 @@ require (
 	github.com/hashicorp/golang-lru v0.5.4 // indirect
 	github.com/hashicorp/serf v0.10.0 // indirect
 	github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87 // indirect
-	github.com/huandu/xstrings v1.3.2 // indirect
 	github.com/imdario/mergo v0.3.15 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
diff --git a/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/public.go b/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/public.go
index c62b730027..f1f636914a 100644
--- a/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/public.go
+++ b/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/public.go
@@ -30,6 +30,7 @@ import (
 	provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
 	types "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
 	"github.com/cs3org/reva/v2/pkg/rgrpc/todo/pool"
+	"github.com/huandu/xstrings"
 	"github.com/rs/zerolog/log"
 
 	"github.com/cs3org/reva/v2/internal/http/services/owncloud/ocs/conversions"
@@ -153,7 +154,7 @@ func (h *Handler) createPublicLinkShare(w http.ResponseWriter, r *http.Request,
 		if err := h.passwordValidator.Validate(password); err != nil {
 			return nil, &ocsError{
 				Code:    response.MetaBadRequest.StatusCode,
-				Message: err.Error(),
+				Message: xstrings.FirstRuneToUpper(err.Error()),
 				Error:   fmt.Errorf("password validation failed: %w", err),
 			}
 		}
@@ -479,7 +480,7 @@ func (h *Handler) updatePublicShare(w http.ResponseWriter, r *http.Request, shar
 		// skip validation if the clear password scenario
 		if len(newPassword[0]) > 0 {
 			if err := h.passwordValidator.Validate(newPassword[0]); err != nil {
-				response.WriteOCSError(w, r, response.MetaBadRequest.StatusCode, err.Error(), err)
+				response.WriteOCSError(w, r, response.MetaBadRequest.StatusCode, xstrings.FirstRuneToUpper(err.Error()), err)
 				return
 			}
 		}