Anybody knows how to change the CIMB clicks password?
I can only find "forgot userid or password"

I know my ID and password.
I just want to change them.
Didnt see it is mentioned anywhere on the banking site.

will just leave this here for now

^ what does the code mean? sorry ayam buta coding here

Lu coders ke? You are correcto.

Ini code macam intern buat weh.

So why problem ?

Their back end only take 8 characters mah ....

Not the same thing lar.

This is login password.

The backend has been doing 8 characters password all the time mah. Sending extra characters over to back end also useless.

but i checked the code the logic says it will accept the password if its more than 8 characters and if the password is less than 8 characters it will take the first 8 chars, or am i wrong?

dun understand

if password more >= 8 char, then the first condition wont satisfy

if password is <8 char, then it only check up to 8th character

no conflicts what

that means if i want to attack the site, i only have to keep spamming 9 chars without special chars and the password will be accepted as a legacy 8 chars no special char password and its much easier to brute force 8 chars without special chars

the devs really damn bodo for putting the substring part, it isnt necessary at all

This 8 digit cut off been around for sometime no?

I noob apa jadi if they use substring?
Anyway changed my password already

Because of the news, I login check, lose RM49.04. No missing card, no TAC, no MSOS. The transfer can be made. Call paypal support found out both of my CIMB cards is linked to unknown paypal account holder. Requested permanent freeze at paypal and wait the missing money to be refunded from paypal. Waiting....

ps: cimb is not helping much, robot copy and paste to me only.

The transaction is listed in my cimb account on 6 dec 2018. I received suspicious sms my debit card was charged RM 52.32 in paypal on 4 dec 2018 but that day when i check, nothing is deducted in my account. As on today, I only login check and found RM49.04 was deducted on 6 dec 2018

After received my refund, gonna close cimb acc. No confident already. Imagine my card being used by random people in paypal. I thought is some nigga scammer from other country but the customer support tell me is malaysian account holder

I guess this code snippet was lifted off the net today? ie current code, right?

Haven't read all posts here, but remember reading something about a recent change by CIMB to allow longer pw & with special characters?

And because some incompetent coder wrote the above snippet, hence the exploit was created?

Help me understand the logic...

if PW is at least 8char long, and includes special chars, then the entire pw string is passed to encryption function

if PW is at least 8char long, and dun include special chars, then the long pw is truncated & the front 8char string is passed to encryption function

if PW is < 8char long eg 7char or less, irrespective got special characters or not, then what happens? Won't password = password.substring(0, 8) evaluate to #error? Previously, wasn't there a minimum # of characters for passwords ie 8?

PS: i dunno coding. only trying to make sense of the if-then-else which is also used in excel

so let's say your old pw was  12345678H%&*GGhklp    ...

1. before 18 nov, were you able to get in with just 12345678?  with 12345678H? or only with 12345678H%&*GGhklp?

2. After 18 nov, were you able to get in with just 12345678?  with 12345678H? or only with 12345678H%&*GGhklp?

curious to figure out what cimb is doing 

Thx bro, saw that & thinking thru the implications. How does CIMB store passwords? As Is? or after hashing?

If after hashing, old passwords longer than 8char should not be able to get in if just key in first 8 chars. Why? becos the hash would be diff. No? Only way can get in is IF the old password was stored As Is. Wonder if that makes sense