Dyne · Tomb · CVE-2020-28638
**Name of the Vulnerable Software and Affected Versions**
Tomb versions 2.0 through 2.7
**Description**
The issue arises when `ask_password` in Tomb is used with `pinentry-curses` and the `$DISPLAY` variable is non-empty. In that case, affected users' files are encrypted with a specific warning message as the encryption key instead of the passphrase the user intended, so the data is protected only by a fixed, predictable string.
**Recommendations**
For Tomb versions 2.0 through 2.7, consider disabling the use of `pinentry-curses` when `$DISPLAY` is non-empty to prevent the misuse of the warning message as an encryption key. Restrict the `ask_password` function to avoid encryption with the warning message until a proper fix is applied.
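
A simplified model of the failure mode described above, added here as an illustration and not taken from Tomb's source. It assumes the caller reads the passphrase from the prompt helper's standard output; the function names `fake_pinentry`, `ask_password_vulnerable`, `ask_password_hardened` and `key_material`, the passphrase and the warning text are all constructed.

```shell
#!/bin/sh
# Constructed model of the bug class; not Tomb's code. All names are hypothetical.

# Stand-in for a pinentry helper: fails when DISPLAY is non-empty
# (modelling "DISPLAY set, but only a curses pinentry is available").
fake_pinentry() {
    [ -z "$DISPLAY" ] || return 1
    printf '%s\n' "correct horse"   # constructed passphrase
}

# Vulnerable shape: the warning is written to stdout, the same channel the
# caller reads the passphrase from, and the failure status is discarded.
ask_password_vulnerable() {
    if ! pw=$(fake_pinentry); then
        echo "warning: DISPLAY detected, only curses pinentry found"
        return 0
    fi
    printf '%s\n' "$pw"
}

# Hardened shape: diagnostics go to stderr, failure returns non-zero, and
# stdout carries nothing unless a non-empty passphrase was obtained.
ask_password_hardened() {
    if ! pw=$(fake_pinentry); then
        echo "warning: DISPLAY detected, only curses pinentry found" >&2
        return 1
    fi
    [ -n "$pw" ] || return 1
    printf '%s\n' "$pw"
}

# Caller: refuses to produce key material unless the prompt succeeded.
# $1 is the name of the prompt function to use. The secret is printed
# only so the demonstration can inspect what would reach the KDF.
key_material() {
    secret=$("$1") || { echo "no passphrase obtained, aborting" >&2; return 1; }
    [ -n "$secret" ] || return 1
    printf '%s' "$secret"
}
```

With `DISPLAY` set, `key_material ask_password_vulnerable` yields the warning text as the secret, while `key_material ask_password_hardened` fails without emitting any key material.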