5 matches found
Authentication Bypass
askpassword is vulnerable to authentication bypass. The tomb can be unlocked using any password when using pinentry-curses and non-empty $DISPLAY...
CVE-2020-28638
askpassword in Tomb 2.0 through 2.7 returns a warning when pinentry-curses is used and $DISPLAY is non-empty, causing affected users' files to be encrypted with "tomb W Detected DISPLAY, but only pinentry-curses is found." as the encryption key...
CVE-2020-28638
askpassword in Tomb 2.0 through 2.7 returns a warning when pinentry-curses is used and $DISPLAY is non-empty, causing affected users' files to be encrypted with "tomb W Detected DISPLAY, but only pinentry-curses is found." as the encryption key...
CVE-2020-28638
askpassword in Tomb 2.0 through 2.7 returns a warning when pinentry-curses is used and $DISPLAY is non-empty, causing affected users' files to be encrypted with "tomb W Detected DISPLAY, but only pinentry-curses is found." as the encryption key...
CVE-2020-28638
The CVE-2020-28638 entry concerns Tomb 2.0–2.7. When pinentry-curses is used and $DISPLAY is non-empty, a warning is produced and affected files are encrypted using the literal string "tomb {W] Detected DISPLAY, but only pinentry-curses is found." as the encryption key. The provided connected doc...