This version of the documentation is archived and no longer supported.


MONGODB-CR is a challenge-response mechanism that authenticates users through passwords. MONGODB-CR verifies supplied user credentials against the user’s name, password and authentication database. The authentication database is the database where the user was created, and the user’s database and the user’s name together serve to identify the user.

MONGODB-CR User Credentials and SCRAM

Changed in version 3.0.

MongoDB no longer defaults to MONGODB-CR and instead uses Salted Challenge Response Authentication Mechanism (SCRAM) as the default authentication mechanism.

After you upgrade a deployment that already has MongoDB Challenge and Response (MONGODB-CR) user credentials, if you have not upgraded the authentication schema, you can continue to use MONGODB-CR:

  • For older versions of drivers that do not support MongoDB 3.0+ features, you will continue to use MONGODB-CR.
  • For drivers that support MongoDB 3.0+ features (see Driver Compatibility Changes), you can explicitly specify MONGODB-CR as the authentication mechanism to use MONGODB-CR. Otherwise, the credentials are temporarily converted to use SCRAM during authentication to provide improved protection from passive eavesdroppers; this temporary conversion does not affect how the credentials are stored.

To upgrade the authentication schema model to SCRAM, see Upgrade to SCRAM.


The procedure to upgrade to SCRAM discards the MONGODB-CR credentials used by 2.6. As such, the procedure is irreversible, short of restoring from backups.

The procedure also disables MONGODB-CR as an authentication mechanism.

←   SCRAM x.509  →