Fix rapid7#9602, a little defensive programming

Check for a nil message and unnecessary auth failures while looping.

Author: wvu

lib/msf/core/exploit/fortinet.rb

@@ -29,15 +29,22 @@ def authenticate(service_name, username = 'Fortimanager_Access', password = nil)
         password || ''
       ))
 
+      tried = false
+
       loop do
         message = session.next_message
 
+        return false unless message
+
         case message.type
         when USERAUTH_SUCCESS
           debug { 'Received SSH_MSG_USERAUTH_SUCCESS' }
           return true
         when USERAUTH_FAILURE
           debug { 'Received SSH_MSG_USERAUTH_FAILURE' }
+
+          break if tried
+
           debug { 'Sending SSH_MSG_USERAUTH_REQUEST (keyboard-interactive)' }
 
           send_message(userauth_request(
@@ -54,6 +61,8 @@ def authenticate(service_name, username = 'Fortimanager_Access', password = nil)
             '',
             ''
           ))
+
+          tried = true
         when USERAUTH_INFO_REQUEST
           debug { 'Received SSH_MSG_USERAUTH_INFO_REQUEST' }