It allows logins and/or changes to critical Settings with the Superuser (root) without a password. I’m sure that Apple is already working on a permanent fix for that, until then you should safe your Mac!
How-to fix the macOS blank root password Security issue?
- Open ‘Terminal’ or ‘iTerm2’
- Type
sudo passwd root - Type your (User) password
- Select a strong password for root (and repeat it)
I was told, that this critical flaw is fixed in the latest macOS High Sierra 10.13.2 Beta (17C83a), but I tested it and the issue was still present on the test system!!!
Someone told me, that I should disable the ‘Guest' user. That doesn’t solve the issue, at least not on my two MacOS High Sierra systems.