This security flaw, present in macOS 10.13.1, was discovered by developer Lemi Orhan Ergan on Twitter. Apple has yet to release a patch for it, but has published a workaround on its support page. Basically, you can change the root password or disable the root user altogether. Apple advises that you disable the root user since that’s reserved for system administrative tasks.
Enable or disable the root user
Change the root password
Image: howtogeek.com