As noted in a tweet by Lemi Orhan Ergin in November of 2017, there is apparently a big security issue in the Users & Groups area of Mac OS X High Sierra (it doesn’t appear to happen in earlier versions of Mac OS X).
Here’s the gist of the problem that Lemi Orhan Ergin found:
“We noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as “root” with empty password after clicking on login button several times.”
Fortunately, there is an easy fix until this gets patched (which may have already happened in the upcoming Mac OS X 10.13.2 beta). The fix is to assign a strong password to the built-in root account by following Apple's instructions. In essence, you have to perform the following steps:
- Choose Apple menu > System Preferences, then click Users & Groups (or Accounts).
- Click the lock icon, then enter an administrator name and password.
- Click Login Options.
- Click Join (or Edit).
- Click Open Directory Utility.
- Click the lock icon in the Directory Utility window, then enter an administrator name and password.
- From the menu bar in Directory Utility:
  - Choose Edit > Enable Root User, then enter the password that you want to use for the root user.
You can also set a password with the Terminal by typing in ‘sudo passwd -u root’ and hitting return.