tag:infinitekind.tenderapp.com,2009-01-14:/discussions/online-banking/14145-citi-cardsInfinite Kind: Discussion 2021-02-09T17:47:56Ztag:infinitekind.tenderapp.com,2009-01-14:Comment/476035602019-11-15T22:37:43Z2019-11-25T14:18:17ZCiti Cards<div><p>Hi Sean,</p>
<p>1:30pm PT tomorrow (11/16) works for me. What software is needed for a<br>
screen sharing session? And how do we avoid any privacy issues...will<br>
we create a brand new MD file?</p>
<p>Randy</p></div>R Wongtag:infinitekind.tenderapp.com,2009-01-14:Comment/476035602019-11-16T16:51:40Z2019-11-25T14:18:17ZCiti Cards<div><p>Hi Randy,<br>
1:30pm Pacific will be great. To run the session can you run the app that downloads from the following link at the meeting time?<br>
<a href="https://get.teamviewer.com/tikhelp">https://get.teamviewer.com/tikhelp</a><br>
We can try it with a fresh new data file if you like, but if that works then we should also make sure it works with your main data file as well.</p>
<p>Thanks,<br>
Sean</p></div>Sean Reillytag:infinitekind.tenderapp.com,2009-01-14:Comment/476035602019-11-16T17:46:34Z2019-11-25T14:18:17ZCiti Cards<div><p>Hi Sean, Can we move up the meeting to 1:00-1:15 PT? I don’t want to cut it short if it should take longer than expected.</p>
<p>Thanks. Randy</p></div>Calbear85tag:infinitekind.tenderapp.com,2009-01-14:Comment/476035602019-11-16T20:53:28Z2019-11-25T14:18:17ZCiti Cards<div><p>Hi Randy,<br>
I'm sorry I can't make it until 1:30. We can always continue later if it ends up taking longer than expected.<br>
Thanks,<br>
Sean</p></div>Sean Reillytag:infinitekind.tenderapp.com,2009-01-14:Comment/476035602019-11-16T20:54:37Z2019-11-25T14:18:17ZCiti Cards<div><p>No worries.</p></div>Calbear85tag:infinitekind.tenderapp.com,2009-01-14:Comment/476035602019-11-22T12:01:31Z2019-11-25T14:18:16ZCiti Cards<div><p>I'm still stuck. Still getting the message to wait 24 to 36 hours :-(</p></div>Andrewtag:infinitekind.tenderapp.com,2009-01-14:Comment/476035602019-11-22T13:56:17Z2019-11-25T14:18:16ZCiti Cards<div><p>Hi Andrew,</p>
<p>Could you start a new thread with a screenshot (or copy and paste of the text) showing that error messagea?</p>
<p>Thanks,<br>
Sean</p>
<p>--<br>
Sean Reilly<br>
Developer, The Infinite Kind<br>
<a href="https://infinitekind.com">https://infinitekind.com</a></p></div>Sean Reillytag:infinitekind.tenderapp.com,2009-01-14:Comment/476035602019-11-23T13:52:41Z2019-11-25T14:18:16ZCiti Cards<div><p>Hi Sean,</p>
<p>Created: <a href="https://infinitekind.tenderapp.com/discussions/online-banking/14802-citicards-error-message">https://infinitekind.tenderapp.com/discussions/online-banking/14802...</a></p></div>lordpixeltag:infinitekind.tenderapp.com,2009-01-14:Comment/476035602019-11-24T21:00:19Z2019-11-25T14:18:16ZCiti Cards<div><p>After struggling with my Costco Citi VISA all year, I finally nailed the issue. Sadly, it really appears like an issue that IK should have found. I wasn't getting 2000 errors but rather cryptic 13504 errors (with no useful information). I followed hleofxquotes's brilliant debugging steps using the curl and the desktop and it was completely obvious: At some point 1Password had generated a sweet, long, random password for Citibank and it contained a '<' character. IK was sending that character through as part of the password without escaping it and Citi was choking on it. Switching my password to a still very long, but special character-less password fixed everything.</p>
<p>And Infinite Kind, you really need to properly escape the data you are passing. It seems like it could have the potential to allow some code injection.</p></div>Christag:infinitekind.tenderapp.com,2009-01-14:Comment/476035602019-11-24T22:13:18Z2019-11-25T14:18:15ZCiti Cards<div><blockquote>
<blockquote>
<blockquote>
<p>And Infinite Kind, you really need to properly escape the data you are passing. It seems like it could have the potential to allow some<br>
code injection</p>
</blockquote>
</blockquote>
</blockquote>
<p>Not escaping the special character and sending an invalid byte array<br>
would be an IK <em>bug</em>. If it resulted in a <em>code injection attack</em> that<br>
would be the fault of Citi bank but sounds like Citi bank did proper<br>
bounds checking of the input string and rejected the invalid character<br>
as they should have.</p>
<p>BTW: Thanks for all the diligence and effort chasing this down.</p>
<p>Monty</p></div>Monty Wisemantag:infinitekind.tenderapp.com,2009-01-14:Comment/476035602019-11-25T09:40:54Z2019-11-25T14:18:15ZCiti Cards<div><p>We do escape all data, including passwords, sent in OFX messages. If you have any evidence that we haven't please contact me directly at <a href="mailto:sreilly@infinitekind.com">sreilly@infinitekind.com</a>.</p>
<p>As for code injection, that's also not possible because nothing downloaded as part of OFX files is ever executed.</p>
<p>I've just double-checked the code and we are properly encoding and decoding all data.</p>
<p>Thanks,<br>
Sean</p></div>Sean Reillytag:infinitekind.tenderapp.com,2009-01-14:Comment/476035602019-11-25T13:07:37Z2019-11-25T14:18:15ZCiti Cards<div><p>In fairness, you are correct. I don't have enough data to support my claims.<br>
While I could possibly push things further by experimenting more with curl,<br>
I've fixed it and I'm happy.</p>
<p>The information I will share with you is my former Citi password and account<br>
name:<br>
firecoral<br>
CQp"mpfQPMCQTzbs16zkFr</p>
<p>This definitely didn't work and left me stranded for months. Changing the<br>
password to more than 40 alpha/numeric (no special) values fixed my issues<br>
with Citi.<br>
Chris</p></div>Chris Guthrietag:infinitekind.tenderapp.com,2009-01-14:Comment/476035602019-11-25T13:14:39Z2019-11-25T14:18:15ZCiti Cards<div><p>Apologies to IK, but I obviously didn't have enough information to make my claims as to whose fault it was. It could be a problem with the data sent by IK, or it could be a problem with the way Citi handles the incoming data. Either way, the error message "Failure" doesn't really lend itself to correction on my side and after six months of struggling, I was just relieved to have things working again.</p>
<p>In any event, I was able to resolve the problem by switching to a password with no special characters. My old password had a '<' which may have been the culprit. Fortunately, Citi accepts passwords of up to 50 characters, so I can still trust my random password to be secure.</p></div>Christag:infinitekind.tenderapp.com,2009-01-14:Comment/476035602019-11-26T14:46:26Z2019-11-26T15:23:28ZCiti Cards<div><p>Probably the 75th time I tried it, it just worked.... couldn't tell you what I did differently.</p></div>Roger Ricetag:infinitekind.tenderapp.com,2009-01-14:Comment/476035602019-11-27T03:02:36Z2019-11-27T03:02:37ZCiti Cards<div><p>Ignore</p></div>Griselda Hermosillotag:infinitekind.tenderapp.com,2009-01-14:Comment/476035602019-12-10T00:04:51Z2019-12-10T00:04:51ZCiti Cards<div><p>Okay thanks</p></div>hgggghh603tag:infinitekind.tenderapp.com,2009-01-14:Comment/476035602019-12-14T14:41:15Z2019-12-14T14:41:15ZCiti Cards<div><p>I'm still stuck with 2000 errors, weeks later. I opened another thread with a screenshot as requested but no one ever replies there :-(</p></div>lordpixeltag:infinitekind.tenderapp.com,2009-01-14:Comment/476035602019-12-14T16:01:10Z2019-12-14T16:01:10ZCiti Cards<div><p>I worked through the whole process of deleting everything (covered many times above) and setting it up again. This time it worked.</p>
<p>I did one new thing. There was a closed card sitting in my account. I unlinked it.</p>
<p>So that's one more thing for folks reading this thread to check. See if you have any closed cards and try unlinking them.</p></div>lordpixel