What are the recommended defenses against CVE-2019-15107?
The primary defense is to upgrade Webmin to version 1.930 or later, which patches the vulnerability. Alternatively, ensure the password expiry policy remains at the default setting 'Always deny users with expired passwords', which prevents exploitation even on vulnerable versions. For more on securing authentication mechanisms, see our article on Phishing credentials via Basic Authentication (phishery) exploitation test.