Update: Apple has since released security update 2017-001 which will fix this issue without having to reset your root password.
A serious security flaw in macOS High Sierra allows an attacker to get root access with no password. If you go into system preferences and authenticate, all you have to do is type in root as the user and no password.
You can access it via System Preferences>Users & Groups>Click the lock to make changes. Then use “root” with no password. And try it for several times. Result is unbelievable! pic.twitter.com/m11qrEvECs
— Lemi Orhan Ergin (@lemiorhan) November 28, 2017
To fix this, simply change your root password:
- Choose Apple menu () > System Preferences, then click Users & Groups (or Accounts).
- Click , then enter an administrator name and password.
- Click Login Options.
- Click Join (or Edit).
- Click Open Directory Utility.
- Click in the Directory Utility window, then enter an administrator name and password.
- From the menu bar in Directory Utility, choose Edit > Change Root Password…
- Enter a root password when prompted.