5.2.5 beta onward through the 5.5 release does not appear to be transmitting passwords correctly under certain circumstances if the password contains the percent sign and plus characters in sequence, e.g. 'L^k~5$_yP%+]9:J' will fail to log in while 'L^k~5$_yP%9+]:J' will succeed. Works fine through the GUI interface (WinSCP.exe), fails through the .Net library or WinSCP.com console interface. I've only tested with FTP / FTPS servers, unknown if other protocols are affected. Have tested with two servers, 20 or so passwords, had three authentication failures, all with passwords containing '%+' in sequence.
I'm aware of the special character encoding required for '%' characters to work through the console version, both manually typing through the console and reviewing the .Net library output to the console it appears as far as I can tell that the special characters have all been properly encoded and WinSCP's interpretation of the encoded characters seems to be at fault.
Known conditions for this being an issue:
WinSCP version 5.2.5 beta or higher (5.2.4 beta and lower work fine back to 5.2.1 at least)
.Net library usage / console (WinSCP.com) usage
actual FTP or FTPS-TLS connection
Windows 7 / Windows 2008
Visual Studio 2010 / .Net 4.0