
Not clear how that has any relevance here. If the encryption is broken, pretty sure most encryption is busted.



Encryption is broken, just not in all scenarios; that's why security without a threat model is meaningless.


My point was that if this model is broken, I'm not sure I would trust any other for storing data at rest, either.

Specifically, why would you still trust any other password manager?


Password managers that use authenticated encryption are not vulnerable to such attacks. Well, it's more of a hypothetical attack; in practice you're more likely to get a keylogger.


I'm not sure what you mean by authenticated encryption. I'm assuming you just meant single key encryption.

My question is if those are really on a different set of math, as my understanding was that they were not, all told. If you can bust public/private key encryption, you can typically bust all encryption. Is that not necessarily the case?


Pass uses a public key to encrypt files. An attacker needs to know only the public key to forge pass files, and that public key isn't secret: it's stored in plain, unencrypted. That's why you can create pass files without entering the master password that protects the private key, which is not used to create pass files. That's the catch with asymmetric encryption.


But what is the threat vector? I have to pull the attacker's changes into the repo. And... I would still have the old passwords.

How does this help an attacker get my passwords?


It's not a certainty of abuse, only uneasiness about technical feasibility. Historically, abuse of forgery was clever and unpredictable; as a result, the design of cryptographic systems tries to prevent forgery when possible. A hypothesis: pass prints text from the decrypted file to the terminal; terminals have rich functionality, legacy features and a wide attack surface, so text printed to the terminal is an attack vector.
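
An added example, not part of the thread or of pass itself: one way a store can reject entries written by someone who holds only the public key is to attach a keyed integrity tag that requires a secret. The sketch uses HMAC-SHA256 with a key derived from the master passphrase (a swapped-in stand-in, not a full authenticated-encryption scheme); all function names, the salt, the iteration count and the sample entries are assumptions constructed for illustration.

```python
import hashlib
import hmac

TAG_LEN = 32  # HMAC-SHA256 output size in bytes


def derive_mac_key(master_passphrase: str, salt: bytes) -> bytes:
    # Assumed parameters; only someone who knows the passphrase can derive this key.
    return hashlib.pbkdf2_hmac("sha256", master_passphrase.encode(), salt, 200_000)


def _tag(mac_key: bytes, entry_name: str, ciphertext: bytes) -> bytes:
    name = entry_name.encode()
    # Length-prefix the name so the name/ciphertext boundary is unambiguous.
    msg = len(name).to_bytes(4, "big") + name + ciphertext
    return hmac.new(mac_key, msg, hashlib.sha256).digest()


def seal(mac_key: bytes, entry_name: str, ciphertext: bytes) -> bytes:
    # Append a tag that binds the ciphertext to the entry it is stored under.
    return ciphertext + _tag(mac_key, entry_name, ciphertext)


def open_sealed(mac_key: bytes, entry_name: str, blob: bytes) -> bytes:
    if len(blob) < TAG_LEN:
        raise ValueError("entry too short to carry a tag")
    ciphertext, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(mac_key, entry_name, ciphertext)):
        raise ValueError("integrity check failed for " + entry_name)
    return ciphertext  # only now hand the ciphertext to decryption


def check_store(mac_key: bytes, store: dict) -> dict:
    results = {}
    for name, blob in store.items():
        try:
            open_sealed(mac_key, name, blob)
            results[name] = "ok"
        except ValueError:
            results[name] = "rejected"
    return results


def demo() -> dict:
    # Constructed sample data; byte strings stand in for public-key ciphertexts.
    key = derive_mac_key("constructed master passphrase", b"constructed-salt")
    store = {"email": seal(key, "email", b"ciphertext-A")}
    store["bank"] = b"ciphertext-B" + bytes(TAG_LEN)  # written without the MAC key
    store["forum"] = store["email"]  # valid blob moved under another entry name
    return check_store(key, store)


if __name__ == "__main__":
    print(demo())
```

Verification happens before any decryption or display, so an entry that fails the check never reaches the terminal.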



