Unauthorized user can easily gain unfettered administrative (or root) control on your Mac without any password or security check. Apple is reportedly working on a fix for the bug, which is as easy as its exploit. The flaw can be exploited in several ways depending on the setup of the targeted Mac. With full-disk encryption disabled, a rogue user can turn on a Mac that’s entirely powered down and log in as root by doing the same trick. With that (after a few tries in some cases) macOS High Sierra logs the unauthorized user in with root privileges.
Source: https://thehackernews.com/2017/11/mac-os-password-hack.html