It looks like there is a bug with Passwords containing # in the latest Spark (2.9.4) and Openfire (4.6.4) issue.
Our Openfire is connected via LDAP to ActiveDirectory, not sure if the issue is related to that.
After changing the password (just replacing #), I was able to connect, before the " SaslException: PLAIN: user not authorized" was displayed.
Maybe also worth mentioning: This became apparent when reinstalling Spark because this user didn’t receive messages from some users anymore. The password worked in one of the older Spark/Openfire Versions, also it wasn’t a problem when updating to 2.9.4/4.6.4 (probably because the password was stored).