Unexpected PASSWORD_SPRAY and USER_AS_PASS Interaction

[jetbennett]

Steps to reproduce

1. use scanner/ssh/ssh_login
2. set PASSWORD_SPRAY 1
3. set USER_AS_PASS 1
4. set USER_FILE ./usernames.txt
5. set PASS_FILE ./passwords.txt
6. set rhosts file:./targets.txt
7. run

Expected behavior

If username.txt contains:

admin
root

And passwords.txt contains:

password

I expect the module to attempt the following credentials:
admin:admin
root:root
admin:password
root:password

Current behavior

Instead, makes the following attempts:
password:password
admin:password
root:password

Metasploit version

6.4.20-dev

Additional Information

I believe the bug is related to the relatively recently implemented "PASSWORD_SPRAY" option.

[Mathiou04]

I managed to reproduce the issue on my side, and created a PR that seem to fix it.
I am not familiar with the different steps for issues here, looking at this basecode for the first time, so not sure what the next steps are.
(maybe this bug needed more triaging? 😓 )