This a CVSROOT in this format is flagged as invalid. Should be WARNed instead

:pserver:[username]:@host[:[port]]/path

Note the colon between username & @host, indicating the inclusion of a blank password. I'm not using .cvspass, but expecting users to supply their own creds in CVSROOT.