Update: Apple has released an update to fix this issue -install it!
Yikes
Running macOS – High Sierra?
In case you haven’t heard yet you (or someone else) can login as root without any password at all.
To fix this util Apple pushes a patch -enable the root user (if disabled) and set a strong password.
https://support.apple.com/en-us/HT204012