Since this is out there, and the original finder did not go through responsible disclosure. Figured i'd post it here so at least admins are aware.
Dear @AppleSupport, we noticed a HUGE security issue at MacOS High Sierra. Anyone can login as "root" with empty password after clicking on login button several times. Are you aware of it @Apple?
This works on User & Admin accounts.
That being said, if you enable root and have a password on it. You're not affected. If you don't it'll enable root and create an account.
Enabling a root password however may cause you more tech debt down the line.