What Is MongoDB Default Username and Password

Tahseen Tauseef Feb 12, 2024
  1. MongoDB Authentication Basics
  2. Default Username and Password in MongoDB
  3. Find Your Username and Password in MongoDB
  4. Best Practices for Authentication in MongoDB
  5. Conclusion
What Is MongoDB Default Username and Password

MongoDB, a popular NoSQL database, is known for its flexibility, scalability, and ease of use. When setting up MongoDB, securing access to the database is crucial for protecting sensitive information.

In this article, we’ll delve into the details of MongoDB’s default username and password, exploring its significance, implications, and best practices for managing authentication. We’ll also discuss how to find a username and password in MongoDB.

MongoDB Authentication Basics

MongoDB employs a role-based access control system, and authentication is a fundamental aspect of database security. By default, MongoDB installations do not require authentication, allowing users to connect to the database without specifying a username and password.

However, enabling authentication is strongly recommended in production environments to prevent unauthorized access and protect valuable data.

Default Username and Password in MongoDB

When authentication is enabled, MongoDB uses a user-based authentication model. The default username and password are not explicitly set during the initial installation. Instead, MongoDB relies on the creation of user accounts by administrators to control access.

By default, MongoDB does not have access control enabled, so there is no default user or password. Use the command line option --auth or the security.authorization configuration file setting to enable access control.

First, open a terminal and start MongoDB Daemon.

mongod --port 27017 --dbpath /data/db

Then, start the Mongo shell in a new terminal tab.

mongo --port 27017

Use the admin db and create the first admin user with the following commands:

create the first admin user

In this example, we create a user administrator with the username "adminUser" and password "adminPassword" in the "admin" database. This user has the userAdminAnyDatabase role, providing administrative privileges across all databases.

Enter quit() to exit, then press and hold CTRLC to kill the process on the Mongo daemon page, and restart MongoDB with the --auth option enabled.

$ mongod --auth --port 27017 --dbpath /data/db
2019-02-23T16:18:38.539+0800 I CONTROL [main] Automatically disabling TLS 1.0, to force-enable TLS 1.0 specify --sslDisabledProtocols 'none'
...
...
2019-02-23T16:18:38.553+0800 I CONTROL  [initandlisten] options: { net: { port: 27017 }, security: { authorization: "enabled" }, storage: { dbPath: "/data/db" } }

Log in to the Mongo shell with the user created earlier.

$ mongo --port 27017 -u "user123" -p "pass123" --authenticationDatabase "admin"
MongoDB shell version v4.0.2
connecting to: mongodb : //127.0.0.1:27017/
MongoDB server version: 4.0.2
...

Select Username/Password (MONGODB-CR/SCRAM-SHA-1) to connect to your MongoDB deployment.

Check Username/Password (MONGODB-CR/SCRAM-SHA-1) or Username/Password (SCRAM-SHA-256) from Agent Auth Mechanism. Cloud Manager automatically generates the Agents’ usernames and passwords. Lastly, click Save.

Find Your Username and Password in MongoDB

You can specify the password directly as you would with earlier versions of the Mongo shell. A user document contains the username and password, optionally, the authentication mechanism, and a digest password flag.

The user’s name with access privileges for the given database and the user’s password.

If you have forgotten or need to retrieve your MongoDB username and password, below are the steps you should follow:

Check MongoDB Configuration Files

Linux / macOS:

  • Open a terminal.
  • Use a text editor to view the conf file.
    cat /etc/mongod.conf
    

Windows:

  • Open the MongoDB installation directory.
  • Locate the mongod.cfg file and open it with a text editor.
    Get-Content "C:\Program Files\MongoDB\Server\<version>\bin\mongod.cfg"
    

Look for the security section in the configuration file. If authentication is enabled, you should find the following lines:

security:
  authorization: enabled

If enabled, you will need to locate or reset the username and password through the MongoDB shell.

Open a terminal or command prompt and connect to the MongoDB instance:

mongo

Switch to the Admin Database with the following command:

use admin

Run the following query to retrieve information about the users in the admin db:

db.getUsers()

get users

This command will display a list of users along with their roles and privileges. Look for the user whose roles include the userAdminAnyDatabase role, as this user typically has administrative privileges and can manage other users.

If you need to reset the MongoDB user’s password for an existing user or create a new user, follow these steps:

db.changeUserPassword("yourUsername", "newPassword")

Replace "yourUsername" with your actual username and "newPassword" with your new password.

Create New User:

db.createUser({
  user: "newUsername",
  pwd: "newPassword",
  roles: ["userAdminAnyDatabase"]
})

Replace "newUsername" and "newPassword" with your desired username and password. The userAdminAnyDatabase role provides administrative user privileges.

Best Practices for Authentication in MongoDB

  1. Change the Default Credentials:
    • Always change the default username and password from the initial setup to enhance security. Use strong, unique passwords for each user.
  2. Create Specific User Roles:
    • Assign specific roles to users based on their responsibilities. Avoid assigning overly permissive roles to minimize the risk of unauthorized access.
  3. Use TLS/SSL Encryption:
    • Encrypt communication between MongoDB clients and servers using TLS/SSL. This ensures that sensitive data, including usernames and passwords, is secure during transmission.
  4. Enable Network Binding:
    • MongoDB can be configured to bind to specific network interfaces, limiting exposure to potential security threats. Configure network binding to only listen on necessary interfaces.
  5. Implement Two-Factor Authentication (2FA):
    • Some MongoDB hosting providers and tools support 2-factor authentication, adding an extra layer of security to user logins.
  6. Regularly Monitor and Audit:
    • Regularly monitor and audit MongoDB logs to identify any suspicious activities or potential security breaches. MongoDB provides logs that can be analyzed for such purposes.
  7. Keep MongoDB Updated:
    • Ensure that you’re using the latest stable version of MongoDB. Regularly update the database software to benefit from security patches and improvements.

Conclusion

Understanding MongoDB’s default username and password is crucial for database administrators tasked with securing MongoDB installations. By default, MongoDB allows connections without authentication, but enabling and properly managing authentication is essential for securing access to the database.

Following best practices, such as changing default credentials, creating specific user roles, and enabling encryption, contributes to a robust security posture. Regular monitoring, auditing, and staying updated with the latest MongoDB releases are essential components of a comprehensive security strategy for MongoDB deployments.

Related Article - MongoDB Authentication