https://www.theguardian.com/technology/2017/nov/29/macos-high-sierra-bug-apple-mac-unlock-blank-password-security-flaw

Apple working on emergency fix for flaw that allows access by using username ‘root’, which bypasses security settings locally and in some cases remotely

A serious security flaw found in the latest version of Apple’s macOS High Sierra could allow anyone to access locked settings on a Mac using the user name “root” and no password, and subsequently unlock the computer.