SCRAM authentication should not be considered complete until the client has validated the server proof from the server's second message. Currently, a {done:1} sent during the first or second message will bypass this validation.
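A minimal client-side guard for the behavior described above, as an added example that is not the driver's own code. It assumes SCRAM-SHA-256 as defined in RFC 5802 and server replies represented as dicts with `payload` and `done` keys; `ScramClientGuard`, `server_signature` and `AuthError` are hypothetical names.

```python
import base64
import hashlib
import hmac


class AuthError(Exception):
    pass


def server_signature(salted_password: bytes, auth_message: bytes) -> bytes:
    """RFC 5802: ServerSignature = HMAC(HMAC(SaltedPassword, "Server Key"), AuthMessage)."""
    server_key = hmac.new(salted_password, b"Server Key", hashlib.sha256).digest()
    return hmac.new(server_key, auth_message, hashlib.sha256).digest()


class ScramClientGuard:
    """Client-side conversation state: 'done' is honored only after the proof check."""

    def __init__(self, salted_password: bytes, auth_message: bytes):
        self._expected = server_signature(salted_password, auth_message)
        self._replies = 0
        self.server_verified = False

    def handle_reply(self, reply: dict) -> bool:
        """Process one server reply; return True only when auth is really complete."""
        self._replies += 1
        if self._replies == 2:
            # Second server message (server-final): "v=<base64 ServerSignature>".
            # Validate it unconditionally, before the done flag is even looked at.
            text = reply.get("payload", b"").decode("utf-8", "replace")
            attrs = dict(f.split("=", 1) for f in text.split(",") if "=" in f)
            try:
                sent = base64.b64decode(attrs.get("v", ""), validate=True)
            except ValueError:
                sent = b""
            if not hmac.compare_digest(sent, self._expected):
                raise AuthError("server proof missing or invalid")
            self.server_verified = True
        if reply.get("done"):
            if not self.server_verified:
                raise AuthError("server reported done before its proof was validated")
            return True
        return False
```

The guard accepts both conversation lengths: `done` on the second reply (after a valid proof) or on a later empty reply.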
- related to: SERVER-44857 Shorter SCRAM conversation (Closed)