Description: ------------ The login() method which uses DIGEST-MD5 regardless of server response returns true. This situation is caused when the client sends invalid user or password. The version number is 1.3.2 When mailserver returned "ERR" response, the method should return "false". in _authDigest_MD5() ------------------------------------------------------------ if ( PEAR::isError($error = $this->_send( $auth_str ) ) ) { return $error; } /**** here ****/ if ( PEAR::isError( $challenge = $this->_recvLn() ) ) { <-- it doesn't check server response. /**** here ****/ return $challenge; } /* * We don't use the protocol's third step because POP3 doesn't allow * subsequent authentication, so we just silently ignore it. */ if ( PEAR::isError( $challenge = $this->_send("\r\n") ) ) { return $challenge ; } /**** here ****/ if ( PEAR::isError( $challenge = $this->_recvLn() ) ) { <-- it doesn't check server response. /**** here ****/ return $challenge; } return true; ------------------------------------------------------------

Thank you for this bug report. To properly diagnose the problem, we need a backtrace to see what is happening behind the scenes. To find out how to generate a backtrace, please read http://bugs.php.net/bugs-generating-backtrace.php Once you have generated a backtrace, please submit it to this bug report and change the status back to "Open". Thank you for helping us make PEAR better. Please try it now