Date: 2026-02-24

Energy Department Fixes Identity Verification Flaw in Critical Minerals Portal


The Department of Energy has remediated an identity verification vulnerability in a portal supporting its critical minerals programs after a security researcher disclosed the flaw, Nextgov/FCW reported Monday.


What Was the ID Verification Vulnerability?

Researcher Ronald Lovelace found that the system, particularly the portal connected to the Office of Critical Minerals and Energy Innovation, allowed external users to register accounts using email addresses that appeared to belong to the Energy Department without verifying ownership.
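The missing control described above, shown as an added example (not the portal's code, which the article does not show): an address that looks internal earns no staff role until the registrant proves control of the mailbox with a signed, expiring token. The domain `agency.example`, the role names and the in-memory account store are hypothetical.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"   # placeholder; a real service loads this from a secrets manager
TRUSTED_DOMAIN = "agency.example"  # hypothetical stand-in for the organization's mail domain
TOKEN_TTL = 900                    # seconds a verification link stays valid
accounts = {}                      # email -> {"verified": bool, "role": str}


def _sign(email, expires):
    # Bind the token to one address and one expiry time.
    msg = f"{email}|{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def register(email, now=None):
    """Create an unverified account; return the token that would be e-mailed.
    The claimed domain grants nothing at this point."""
    email = email.strip().lower()
    expires = int(time.time() if now is None else now) + TOKEN_TTL
    accounts[email] = {"verified": False, "role": "external"}
    return f"{expires}.{_sign(email, expires)}"


def confirm(email, token, now=None):
    """Mark the account verified only if the token is intact, unexpired and
    was issued for this exact address; only then derive a role from the domain."""
    email = email.strip().lower()
    now = time.time() if now is None else now
    acct = accounts.get(email)
    try:
        expires_s, sig = token.split(".", 1)
        expires = int(expires_s)
    except ValueError:
        return False
    expected = _sign(email, expires)
    if acct is None or now > expires:
        return False
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False
    acct["verified"] = True
    if email.rsplit("@", 1)[-1] == TRUSTED_DOMAIN:
        acct["role"] = "staff"
    return True


def displayed_role(email):
    # What other portal users would see next to this account.
    return accounts[email.strip().lower()]["role"]
```
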

How Was It Discovered?

Lovelace said he used subdomain enumeration, a reconnaissance technique that maps an organization's digital footprint and accessible web infrastructure, to identify the portal and the vulnerability in the verification process. He demonstrated the issue by creating a test account with an email formatted as an Energy address and notified department IT staff. There is no evidence that the flaw was exploited.

Why Does Identity Verification Matter?

The weakness may have enabled cyber attackers to impersonate department officials on the platform. By exploiting the vulnerability, threat actors might have deceived researchers, contractors or other senior officials who rely on it for official program communications, potentially gaining access to sensitive internal documents or inserting themselves into program discussions. The risk is especially significant because DOE’s critical minerals programs underpin domestic supply chains that support energy technologies and advanced manufacturing.

“This should be a wake up call for every government agency. When adversaries can enumerate federal domains, map critical digital infrastructure and impersonate senior officials without ever breaching a network, the attack surface has fundamentally shifted,” said Jordan Burris, head of public sector at Socure.

Broader Cybersecurity Challenges at DOE

The remediation follows continued oversight of DOE’s cybersecurity posture. In a 2025 report, the department’s Office of Inspector General warned that dozens of previously identified cybersecurity weaknesses remain unresolved. The watchdog cautioned that gaps in vulnerability management and security controls could leave departmental systems and data exposed to malicious cyber actors.
