Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

Energy Department patched flaws enabling email impersonation in critical minerals system

(Department of Energy)

By David DiMolfetta

The Energy Department recently fixed an identity verification flaw in a portal supporting its critical minerals programs after a security researcher found the system allowed outside users to register with email addresses that appeared to belong to the department.

According to the researcher, Ronald Lovelace, the portal linked to the Office of Critical Minerals and Energy Innovation had allowed users to register or operate accounts that appeared to be associated with legitimate Energy Department email addresses without properly verifying ownership of those accounts.

The vulnerabilities could have let cyberspies present themselves as Energy officials within the system, potentially misleading researchers, contractors or other top officials who use the platform for program-related communications.

Read more at NextGov/FCW

Click to listen highlighted text!