brix / crypto-js

JavaScript library of crypto standards.

CryptoJS.AES.decrypt returning value even when incorrect password entered #456

Open terran6 opened 1 year ago

terran6 commented 1 year ago

I have an expectation that the below decrypt function should return either an error or an empty string if an incorrect password is entered.

However, there are certain circumstances where this function will return a short string of a single character for certain combinations of user-inputted characters even though it may not be the correct password.

Could you explain why this function returns a value instead of an empty string or an error? Thank you!

    const decrypted = CryptoJS.AES.decrypt(encrypted, key, {
      iv: iv,
      padding: CryptoJS.pad.Pkcs7,
      mode: CryptoJS.mode.CBC,
    }).toString(CryptoJS.enc.Utf8);

SatoshiMota commented 1 year ago

I have this problem now too. I came up with a bunch of methods and nothing helps; I wonder what dodik thought of not processing the wrong password. Because of this, plus hatred for the library, I'll go take a normal one that can handle errors.
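
Added example, not part of the thread and not crypto-js code: AES-CBC with PKCS7 padding carries no integrity check, so a wrong key produces garbage bytes that occasionally end in valid-looking padding, and the call then returns output instead of failing. The sketch assumes Node's built-in `crypto` module rather than crypto-js, uses constructed passwords and hypothetical helper names, counts such false accepts, and adds an HMAC check (encrypt-then-MAC) that rejects a wrong password explicitly.

```javascript
// Added example: Node.js built-in crypto, not crypto-js. Passwords and plaintext are constructed.
const nodeCrypto = require("crypto");

const IV = Buffer.alloc(16, 7); // fixed only to keep the demo repeatable; use a random IV per message

// Fast stand-in for a real password KDF (scrypt, PBKDF2): 32-byte cipher key + 32-byte MAC key.
function deriveKeys(password) {
  const okm = nodeCrypto.createHash("sha512").update(password).digest();
  return { encKey: okm.subarray(0, 32), macKey: okm.subarray(32) };
}

function encryptCbc(password, plaintext) {
  const c = nodeCrypto.createCipheriv("aes-256-cbc", deriveKeys(password).encKey, IV);
  return Buffer.concat([c.update(plaintext, "utf8"), c.final()]);
}

// Returns the decrypted bytes, or null when the PKCS#7 padding check in final() fails.
function decryptCbc(password, ciphertext) {
  try {
    const d = nodeCrypto.createDecipheriv("aes-256-cbc", deriveKeys(password).encKey, IV);
    return Buffer.concat([d.update(ciphertext), d.final()]);
  } catch {
    return null;
  }
}

// How many wrong passwords still yield output because the garbage ended in valid-looking padding?
function countFalseAccepts(ciphertext, tries) {
  let accepted = 0;
  for (let i = 0; i < tries; i++) {
    if (decryptCbc("wrong-" + i, ciphertext) !== null) accepted++;
  }
  return accepted;
}

// Encrypt-then-MAC: HMAC over IV || ciphertext, checked before any decryption.
function tagFor(password, ciphertext) {
  return nodeCrypto.createHmac("sha256", deriveKeys(password).macKey).update(IV).update(ciphertext).digest();
}
function seal(password, plaintext) {
  const ciphertext = encryptCbc(password, plaintext);
  return { ciphertext, tag: tagFor(password, ciphertext) };
}
function openSealed(password, box) {
  if (!nodeCrypto.timingSafeEqual(box.tag, tagFor(password, box.ciphertext))) {
    throw new Error("wrong password or modified ciphertext");
  }
  return decryptCbc(password, box.ciphertext).toString("utf8");
}
```

Over a few thousand wrong passwords, roughly 1 in 256 pass the padding check, while none pass the HMAC check.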