In case you missed the news…
Originally shared by +Vlad Markov
If you have a High Sierra Mac OS, make sure to fix this bug, steps to fix, if you have administrator privileges:
macbook:user1$ sudo passwd root
Password: <your user1 password>
Changing password for root.
New password: <new password for root>
Retype new password: <new password for root>
Major macOS High Sierra Bug Allows Full Admin Access Without Password – How to Fix [Updated]
Apple patch published last night fixes it. Just do "About this Mac" in the Apple menu top left, then "Software Update…" button. Official explanation (scroll)… https://support.apple.com/en-us/HT208315