
ConsentFix: Weaponising First-Party Trust to Bypass Phishing-Resistant MFA

Researchers at Push Security have uncovered ConsentFix, a sophisticated evolution of browser-based phishing that weaponises the trust placed in the OAuth 2.0 framework. Unlike traditional attacks that rely on fake login pages, the campaign abuses the legitimate authentication flows of first-party Microsoft applications. Because these applications are implicitly trusted and often "pre-consented" within corporate environments, the attacker can bypass phishing-resistant MFA without ever presenting a fake login page.

Threat alert
January 21, 2026

In a ConsentFix scenario, the victim authenticates directly at login.microsoftonline.com. Because the domain is genuine and the TLS certificate is valid, phishing-resistant controls function exactly as intended and successfully verify the user. The security failure occurs only after authentication has succeeded. The OAuth 2.0 authorisation code flow assumes that if a user authenticates correctly and the client application receives the authorisation code, the entire flow is secure; nothing in the protocol checks that the party redeeming the code is the client the user intended.

The user is tricked into acting as a "manual bridge" for the attacker. Victims are lured to a fake verification page and convinced to copy a high-value authorisation code from their legitimate Microsoft session and paste it directly into the attacker's interface. By using the clipboard to transport this digital key, the attacker effectively decouples authentication from token possession.

Technical Kill Chain
Delivery and Targeting

The attack begins when a user lands on a legitimate but compromised website, or arrives via a phishing link. Once the victim visits the site, a hidden JavaScript loader performs several silent background checks:

  • Bot Detection: fingerprints the browser to ensure it is not a security crawler or sandbox.
  • Geo-Fencing: verifies the victim's IP address against a target list.
  • Cloudflare Turnstile Simulation: presents the victim with a fake CAPTCHA or Cloudflare verification screen.
The Lure and the "Fix"

The user sees a popup claiming there is a browser error, a verification requirement, or a missing software dependency. They are instructed to "Sign In to Microsoft" to resolve the issue.

  • Legitimate Links: the "Sign In" button does not lead to a fake page. It is a genuine link to the Microsoft Entra ID authorisation endpoint.
  • High-Privilege Scopes: the link specifically targets "first-party" apps such as the Azure CLI and requests broad permissions, such as the user_impersonation scope, which allows full access to the Azure Management APIs.
The "Localhost" Mechanism

When a developer logs into the Azure CLI, the tool listens on a local port; after the user logs in, Microsoft sends a digital "authorisation code" to that local port, which the tool catches to complete the login.

In this attack, there is no CLI tool running. When Microsoft redirects the browser to localhost with the code, the browser displays a "This site can’t be reached" error because nothing is listening on that port. To the user, this looks like the "error" the attacker warned them about. The malicious site provides instructions: "If you see a connection error, copy the URL from the address bar and paste it here to complete verification."

Token Exchange and Compromise

The victim copies the URL, which contains the high-value authorisation code (?code=...).

  • Exfiltration: the attacker's script strips the code from the URL and sends it to their Command and Control (C2) server.
  • Redemption: the attacker redeems this code for access tokens without needing the user's password, because public clients such as the Azure CLI have no client secret.
  • Persistent Access: the attacker receives both an Access Token and a Refresh Token.
Vulnerable Applications

Research from Push Security and the wider cybersecurity community has identified a "hit list" of specific Microsoft applications. These applications are particularly vulnerable as they allow "localhost" redirects and possess high-level permissions that can give an attacker significant control.

| Application Name | Client App ID | Sensitivity | Use Case in Attack |
|---|---|---|---|
| Microsoft Azure CLI | 04b07795-8ddb-461a-bbee-02f9e1bf7b46 | Critical | Primary vector; grants access to Azure Resource Manager (ARM). |
| Microsoft Azure PowerShell | 1950a258-227b-4e31-a9cf-717495945fc2 | Critical | Allows attackers to run PowerShell cmdlets against the tenant. |
| Microsoft Teams | 1fec8e78-bce4-4aaf-ab1b-5451cc387264 | High | Access to chat logs, files, and user directory. Used for internal lateral movement. |
| Visual Studio | 872cd9fa-d31f-45e0-9eab-6e460a02d1f1 | Medium | Access to source code repositories and development environments. |
| Microsoft Whiteboard | 57336123-6e14-4acc-8dcf-287b6088aa28 | Medium | Often has less monitoring; used as a stealthy entry point. |
| Visual Studio Code | aebc6443-996d-45c2-90f0-388ff96faa56 | Medium | Similar to Visual Studio; trusted developer tool. |

A major factor in the severity of these attacks is a concept known as the Family of Client IDs (FOCI). Many of the applications listed above belong to the same "family" within the Microsoft ecosystem. A key feature of FOCI is that a refresh token issued to one family member (such as Microsoft Whiteboard) can often be exchanged for an access token for another family member (such as Azure PowerShell) without the user ever being prompted again. A single captured authorisation code for a low-profile family member can therefore be turned into access to far more sensitive services.

Mitigations & Recommendations

Defending against ConsentFix requires a "Defence in Depth" approach:

  • Conditional Access Policy Hardening: restrict the use of Azure CLI and Azure PowerShell to a small set of security groups, and require managed or compliant devices for sign-ins from outside expected business locations.
  • Browser Security: deploy enterprise browser tooling that can detect and block the act of pasting data from a localhost URL into a web form.
  • Web Filtering: ensure web filters are configured to block newly registered domains and known malicious categories.
  • Hunting/Alerting: enable AADGraphActivityLogs and hunt for the Application IDs above alongside the Resource IDs for Windows Azure Active Directory (00000002-0000-0000-c000-000000000000) and Microsoft Intune Checkin (26a4ae64-5862-427f-a9b0-044e62572a4f). A useful tool for checking first-party apps and their scopes is the Scope Browser at https://entrascopes.com/?bypass=true&authcodeFix=true
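
The hunting guidance above, together with the FOCI pivot described earlier, as an added Python example that is not code from Push Security or from this alert's sources: it correlates constructed sign-in records per user and flags an interactive sign-in to a hit-list client that is followed, from a different IP, by a refresh-token sign-in to any hit-list client. The record layout and the 30-minute window are assumptions.

```python
"""Hunt for ConsentFix-style auth-code hand-offs in Entra sign-in records.
Added example, not Push Security's or Microsoft's code. Record fields
(user, time, appId, interactive, ip) are an assumed layout: map your real
sign-in log columns onto them. Signal: an interactive sign-in to a hit-list
client from one IP, then a non-interactive (refresh token) sign-in to any
hit-list client from a different IP within WINDOW.
"""
from collections import defaultdict
from datetime import datetime, timedelta

HIT_LIST = {  # client IDs from the table above
    "04b07795-8ddb-461a-bbee-02f9e1bf7b46": "Microsoft Azure CLI",
    "1950a258-227b-4e31-a9cf-717495945fc2": "Microsoft Azure PowerShell",
    "1fec8e78-bce4-4aaf-ab1b-5451cc387264": "Microsoft Teams",
    "872cd9fa-d31f-45e0-9eab-6e460a02d1f1": "Visual Studio",
    "57336123-6e14-4acc-8dcf-287b6088aa28": "Microsoft Whiteboard",
    "aebc6443-996d-45c2-90f0-388ff96faa56": "Visual Studio Code",
}
WINDOW = timedelta(minutes=30)  # assumed triage window

def find_handoffs(records):
    """Return (user, interactive_app, follow_on_app, follow_on_ip) per suspicious pair."""
    by_user = defaultdict(list)
    for rec in records:
        by_user[rec["user"]].append(rec)
    hits = []
    for user, events in by_user.items():
        events.sort(key=lambda r: r["time"])
        for i, first in enumerate(events):
            if not (first["interactive"] and first["appId"] in HIT_LIST):
                continue
            for later in events[i + 1:]:
                if later["time"] - first["time"] > WINDOW:
                    break  # sorted by time, so nothing later is in the window
                if (not later["interactive"] and later["appId"] in HIT_LIST
                        and later["ip"] != first["ip"]):
                    hits.append((user, HIT_LIST[first["appId"]],
                                 HIT_LIST[later["appId"]], later["ip"]))
    return hits

AZ_CLI = "04b07795-8ddb-461a-bbee-02f9e1bf7b46"
AZ_PS = "1950a258-227b-4e31-a9cf-717495945fc2"
T = datetime.fromisoformat
SAMPLE = [  # constructed records, not real telemetry; alice is the victim
    {"user": "alice", "time": T("2026-01-21T09:00:00"), "appId": AZ_CLI, "interactive": True, "ip": "203.0.113.10"},
    {"user": "alice", "time": T("2026-01-21T09:03:00"), "appId": AZ_PS, "interactive": False, "ip": "198.51.100.7"},
    {"user": "bob", "time": T("2026-01-21T10:00:00"), "appId": AZ_CLI, "interactive": True, "ip": "203.0.113.20"},
    {"user": "bob", "time": T("2026-01-21T10:05:00"), "appId": AZ_CLI, "interactive": False, "ip": "203.0.113.20"},
]
```

Legitimate IP changes (VPN, mobile roaming) will also produce hits, so treat the output as triage leads and confirm against the Resource IDs and AADGraphActivityLogs entries listed above.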

Resources:

https://pushsecurity.com/blog/consentfix-debrief/

https://www.glueckkanja.com/en/posts/2025-12-31-vulnerability-consentfix