Apple will be issuing Software Update to disable “root” user which is inadvertently enabled by default with blank password in macOS High Sierra.
To disable “root” user, follow the instruction from Apple or the instruction below:
Disable the root user
Choose Apple menu () > System Preferences, then click Users & Groups (or Accounts).Click the Lock, then enter an administrator name and password.
Click Login Options.
Click Join (or Edit).
Click Open Directory Utility.
Click the Lock in the Directory Utility window, then enter an administrator name and password.
From the menu bar in Directory Utility: Choose Edit > Disable Root
In previous incarnations of macOS/OS X/Mac OS X, “root” user is disabled by default.
Note:
Anyone with physical access to your Mac potentially can reset your password.