The newly discovered bug allows anyone who knows the security hole to access the root user ("superuser") and get full access to a Mac without password. By installing on a Mac with High Sierra, simply type "root "As username, click on the password field, leave it blank, and then log in. This activates a root user without a password, and works from both user account settings in System Preferences and from the login screen.
Macrumors were the first to rewrite the problem after developer Lemi Ergin has noted the security issue on Twitter.
You can access it via System Preferences> Users & Groups> Click on the lock to make changes. Then use "root" with no password. times. Result is unbelievable! pic.twitter.com/m11qrEvECs
– Lemi Orhan Ergin (@lemiorhan) November 28, 2017
Macrumors Describe r how the problem can be tested on your own mac:
first Open System Preferences and touch Users and Groups
2. Touch the lock and enter your password to make changes
3. Type "root" as username
4. Touch the solving field but enter nothing.
5. Press "Unlock", then you should have access to a new administrator account.
If this is done, we can directly tap "Other" from the login screen and log in to a new root user. The security gap is in the High Sierra 10.13.1 and in beta version of 10.13.2.
Apple has announced in a statement to Macrumors that you are working on a software update that will solve the problem. Until then, the council is to create a new root user with a password, which prevents others from creating a new root user without a password.