I am scanning from Windows 10 20h2, npcap 1.50. Remote sql server info:
Microsoft SQL Server 2016 (RTM-GDR) (KB3210111) - 13.0.1728.2 (X64)
Dec 13 2016 04:40:28
Copyright (c) Microsoft Corporation
Standard Edition (64-bit) on Windows Server 2012 R2 Standard 6.3 (Build 9600: ) (Hypervisor)
Logins file contains only one right login, passwords file contains only one right password. In nmap 7.91 login/password found successfully (sa/p@ssword12-), but in 7.92 not found.
Thanks for reporting this. The fix for #2056 made the password stored in Unicode, but the Auth.TDS7CryptPassword function was assuming ASCII and doing a transcode by XORing each byte with a 16-bit integer. The fix is in and will be synced shortly. Usernames and passwords can be provided in UTF-8.