This is an elevation of privileges vulnerability.
Users in a DB have an ID, Username, Password and Secret. To solve this challenge you need to view the secret of 'User2'
Submit a valid username and password to log in
Log in to see your profile