.\WinSCP.exe command without password fails

Hello, I think I found a bug.
Steps to reproduce:

1) If I open PowerShell and pass the values user:password@server like this
everything is good and I can connect to the remote server

2) If I open PowerShell and pass the values user@server like this a window pops up asking for password. I enter the password manually and the window says "Access denied".

I'm on version 5.17.10

Cannot tell if it's related to the hostkey ssh-ed25519 255 or if affects all key type as I only have this environment.

Thank you

Here the logs of the successful login with password and unsuccessful login without password

I have anonymized the data.

I forgot to mention that I discovered this bug while using the PowerShell code that you put in this page https://winscp.net/eng/docs/library_from_script

fails with error:

Hello,
I hope this might help you see the big picture. I took a video in which you can see as the same line of code works with password but fails without password.

Even if I copy/paste the same password from the previous line the login fails.

I believe there must be a problem in the concatenation because works while and adding the password later when prompted it doesn't.

The same problem also affect not only the but also the when used with the PowerShell script you mention in your guides.

Cannot tell if it's related to as I cannot test it with other environments.

Let me know if you need any information.

Add /loglevel=* to WinSCP commandline to enable password logging and compare the logs, to check if the same password is really used in both cases. Is there any special character in the password?

I found the bug!
Yes, we have a % in the password.
In the logs I noticed that the password in plain text switched the %24 to a $.

But there is definitely a bug.

Here is the problem.
Can you see the password how it changes?

See https://winscp.net/eng/docs/session_url#special

All good, you can close this topic as it works as expected.
However I find strange that you wan to keep the software behave in that way.
I still have a problem with PowerShell.
I will open another topic.

Thank you

Can you please explain what do you find strange about it?

For example take MySQL, if you want to connect you can provide user, password and server this way:
Or otherwise you can only provide user and server this way
and the password will be prompted and you just have to enter it and it works.
Your software is the first software that I encounter that basically says:
"... if you enter user:password@server it's file BUT if you dare to enter only user@serve... well... now every "%" followed by two digits will be converted to UTF-8. Have fun finding out your new password."

I tell you, I've been working 10 years in IT and this is the first software I see, whatever the OS can be Linux/Windows/Mac that actually change the password in behalf of the way you send the command.

It's crazy, don't you think?

Can you name another software that acts like that?

That's how URLs works. Any URLs, anywhere. In all web browsers. In many command-line FTP/SFTP clients, like OpenSSH, curl, wget, etc.
There are standards for that.
https://datatracker.ietf.org/doc/html/rfc3986#section-2.1
https://en.wikipedia.org/wiki/Percent-encoding

If you do not like it, do it the way you do with mysql. There are -username and -password switches in WinSCP:
https://winscp.net/eng/docs/scriptcommand_open#username
Even the article, I've linked above tells that:

To avoid having to URL-encode the credentials, particularly when sourcing them from a variable, you can use -username and -password switches of the open command or WinSCP commandline.