RFC 2617 does not allow usernames which include a colon ':', however, the HTTP Authorization Manager does. This causes creation of nonsense Authorization headers, as all parts of the username after the first colon are interpreted as part of the password. The HTTP Authorization Manager should reject usernames with a colon. JMeter Version: 3.3 r1808647
This issue has been migrated to GitHub: https://github.com/apache/jmeter/issues/4521