Excuse me, but have you been able to isolate whether it is really a problem with the password string, or with your sas account, or with the site you are trying to access with proc http?
If it is a problem with the special symbols in the password, are you double coating the password when specifying it in proc http? Why don't you use single quotation marks? Use single quotation marks when you don't want to expand or reference a macro.
My instinct(!) tells me to not use these characters in particular:
as they have special meaning within the HTTP protocol. I would also refrain from using quotes, as that makes handling such strings in any programming environment harder.
Since these are for internal, technical users of the SAS system, why do you need to use them in PROC HTTP? I never accessed these users with anything but the SAS Management Console.
Note that a random 8-character password consisting of upper/lowercase letters, digits and underlines will provide so many permutations (63**8) that brute-forcing it with 1000 tries per second would still take close to 8000 years.