The default policy truncates passwords at the first colon (':') character that they contain. Obviously this means that you can't use passwords that contain this character to successfully connect to a remote server.
This is due to the way that lib/policies/policy.js parses a the value from a urlObject.auth field. Specifically:
Because urlObject.auth is always a URI decoded value - if either the username or password portion of the authentication information contain a colon character it is ambiguous as to where the two fields are delimited.
The default policy truncates passwords at the first colon (':') character that they contain. Obviously this means that you can't use passwords that contain this character to successfully connect to a remote server.
This is due to the way that
lib/policies/policy.jsparses a the value from aurlObject.authfield. Specifically:Because
urlObject.authis always a URI decoded value - if either the username or password portion of the authentication information contain a colon character it is ambiguous as to where the two fields are delimited.