The Anti-virus Times

According to this tweet, root access can be acquired by anyone who goes to System Preferences → Users & Groups, opens any user account page, clicks on the padlock (places the cursor on the password-input field before clicking the unlock button), enters “root” as the login and uses an empty password. Clicking Unlock repeatedly will "convince" macOS that root privileges must be granted.

Many users confirmed that the issue did exist in their systems.

What makes matters worse, the trick also works on the system login screen.

To resolve this issue, enable the root account (don't use an empty password). The easiest way to accomplish this is to run the following command in the terminal:

sudo passwd -u root

You also need to specify a strong password (the source). you can also use the GUI to enable the root account.

https://habrahabr.ru/post/343452

The issue in question was described in detail as a solution to a user's problem on Apple's developer support forum. On November 13, Chethan Kamath, who signed in on the forum under the alias chethan177, wrote: On startup, click on "Other".

Enter username: root and leave the password empty. Press enter. (Try twice.)

https://www.theguardian.com/technology/2017/nov/29/macos-high-sierra-bug-apple-mac-unlock-blank-password-security-flaw

https://forums.developer.apple.com/thread/79235