Only yesterday it became known about a serious vulnerability in macOS High Sierra, and Apple has already released a system update in which the bug was fixed.
Recently, a bug was discovered in macOS High Sierra 10.13.1 (and 10.13.2) that allowed you to enter a Mac as root without a password. It was enough just to enter 'root' in the login line, and the system let you through without a password. Even if a password is set on the user's main account, it would not prevent anyone from getting into his device.
Apple has already released Security Update 2017-001 targeting macOS High Sierra 10.13.1 and later. It will fix this bug.
The update can be downloaded now on Mac App Store. After installing the update, the problem will be resolved, so we strongly recommend updating as soon as possible.