
A web application processes user login requests through a backend service written in a low-level language. The backend stores the submitted username and role information in fixed-size memory buffers during authentication. Due to missing length checks on the username field, the system accepts overly long input without error. Security testing shows that when this occurs, some sessions are assigned administrator privileges even though correct credentials were not provided.

Explain how this vulnerability could be exploited in the web application.
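The flaw described in the question, modelled next to a hardened version of the same copy. This is an added example, not code from the original page or from any real application. The field sizes, the adjacent `username`/`role` layout, the function names and the sample input are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16
#define ROLE_LEN 8
/* Constructed test input: NAME_LEN filler bytes followed by a role string. */
#define OVERLONG "AAAAAAAAAAAAAAAA" "admin"

/* Assumed layout: role[] sits directly after username[] in the same record. */
struct session {
    char username[NAME_LEN];
    char role[ROLE_LEN];
};

static void init_session(struct session *s) {
    memset(s, 0, sizeof *s);
    strcpy(s->role, "user");            /* default for an unauthenticated login */
}

static int is_admin(const struct session *s) {
    return strncmp(s->role, "admin", ROLE_LEN) == 0;
}

/* Flawed: the length is never compared with NAME_LEN. The cap at the record
   size exists only to keep this model within defined behaviour. */
int unchecked_login(const char *name) {
    struct session s;
    size_t n = strlen(name);
    init_session(&s);
    if (n > sizeof s - 1) n = sizeof s - 1;
    memcpy(&s, name, n);                /* bytes past NAME_LEN land in role[] */
    return is_admin(&s);
}

/* Hardened: reject before writing. Returns -1 if rejected, else is_admin(). */
int checked_login(const char *name) {
    struct session s;
    size_t n = strlen(name);
    init_session(&s);
    if (n >= NAME_LEN) return -1;       /* no room for name plus terminator */
    memcpy(s.username, name, n + 1);
    return is_admin(&s);
}

int main(void) {
    printf("unchecked: admin=%d\n", unchecked_login(OVERLONG));
    printf("checked:   result=%d\n", checked_login(OVERLONG));
    printf("checked:   alice=%d\n", checked_login("alice"));
    return 0;
}
```

The same overlong input makes a useful regression test: the hardened path must return the rejection code and leave the role untouched.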
