A bug discovered in macOS High Sierra lets anyone log in as the root account without entering a password. Until there is a fix from Apple, please enable the root account on your Mac and give it a password to prevent this from happening.
The bug was discovered by Lemi Orhan Ergin, who tweeted about it:
Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as “root” with empty password after clicking on login button several times. Are you aware of it @Apple?
This is a big security risk for Mac users, and many report that the bug appears on macOS 10.13, 10.13.1, and 10.13.2 beta. If you want to see how this bug works, you can do so with the following steps:
● Open System Preferences
● Choose Users & Groups
● Click the lock at the bottom left
● Enter root as the username and hit enter or click Unlock.
You may need to hit Enter or click Unlock several times in order to log in as the root user. I have tried it myself and I needed to do it twice to succeed.