diff --git a/spec/vulnerabilities/insecure_dor_spec.rb b/spec/vulnerabilities/insecure_dor_spec.rb
index 2434e6117..fe42b1725 100644
--- a/spec/vulnerabilities/insecure_dor_spec.rb
+++ b/spec/vulnerabilities/insecure_dor_spec.rb
@@ -23,6 +23,7 @@
 
   scenario "attack two\nTutorial: https://github.com/OWASP/railsgoat/wiki/A4-Insecure-Direct-Object-Reference" do
     expect(normal_user.id).not_to eq(another_user.id)
+    login(normal_user)
 
     visit "/users/#{another_user.id}/work_info"