On November 28, a macOS 10.13.1 security issue was revealed—a flaw that allows root access to a Mac without the need for a password. It was discovered that anyone can log into a Mac by entering the user name root without a password. The first time you try to login, it won’t work. But if you try it again, you will be granted access. This only impacts macOS High Sierra 10.13.1.
macOS Sierra 10.12.6 and earlier is not impacted according to Apple.
Apple has issued an OS X 10.13.1 Security Update that patches the flaw. Apple urges users to “Install this update as soon as possible.”