ConsentFix attacks abuse GitHub OAuth tokens to bypass authentication

ConsentFix is an advanced OAuth abuse technique in which attackers socially engineer users to grant consent to malicious or compromised OAuth applications, yielding persistent access tokens that bypass MFA and other authentication protections; the report details the attack flow, typical delivery methods, business impacts (data exfiltration, downstream compromise), and mitigation strategies such as short-lived tokens, scope limitation, secret rotation, monitoring third-party integrations, and vendor risk management.