I just saw this on Victoria Derbyshire with Rory Cellan-Jones. How on earth can this happen - have they not heard of testing before release? Does not happen on any of my Linux systems
Good question!
I don't think Root ever had a password by default on Mac OS, it was just rendered inaccessible by default. You couldn't login directly as Root and if you wanted to do something as Root from command line, you used 'sudo', and confirmed with your own user password. You could manually enable Root, and assign a password, after which you could login from the GUI or su from the command line, but enabling Root involved a few non-obvious steps. High Sierra seems to have Root enabled by default (though interestingly, su from the command line does not seem to work with the default configuration).
Another thing that seems to have changed is, on the main login GUI, in addition to Icons for each configured user there is one called 'other' which allows you to login by typing a user name, including Root. I don't think 'other' was present on the login GUI before, even with Root enabled, but not certain.
Pure speculation, but this new configuration would be very useful to Apple developers and testers pre-release, as it would allow them to sometimes rescue a damaged system. Don't suppose it was enabled temporarily during dev, and they just forgot to disable it before release?
Thought some of you'd be amused though, including you, Stuart.