changeUserPassword( username, password )
Updates a user’s password. Run the method in the database where the user is defined, i.e. the database you
Parameter Type Description
string Specifies an existing username with access privileges for this database.
string Specifies the corresponding password.
document Optional. The level of write concern for the creation operation. The
writeConcerndocument takes the same fields as the
To modify the password of another user on a database, you must have the
changeAnyPassword action on that database.
db.changeUserPassword() sends all specified data to the MongoDB instance in cleartext. Use TLS transport encryption to protect communications between clients and the server, including the password sent by
db.changeUserPassword(). For instructions on enabling TLS transport encryption, see Configure mongod and mongos for TLS/SSL.
MongoDB does not store the password in cleartext. The password is only vulnerable in transit between the client and the server, and only if TLS transport encryption is not enabled.