A significant security vulnerability has been discovered with macOS High Sierra, potentially allowing any person to log into a Mac with full root administrative capabilities without a password.

There are two approaches to preventing root login without a password on a MacOS High Sierra machine, you can use Directory Utility or the command line. 

Using Directory Utility to Lock Down Root

1. Open Spotlight on the Mac by hitting Command+Spacebar (or clicking the Spotlight icon in the upper right corner of the menubar) and type in “Directory Utility” and hit return to launch the app

2. Click the little lock icon in the corner and authenticate with an admin account login

3. Now pull down the “Edit” menu and choose “Change Root Password…” 

4. Enter a password for the root user account and confirm, then click “OK”

5. Close out of Directory Utility

If the root user account is not yet enabled, choose “Enable Root User” and then set a password instead.

Essentially all you are doing is assigning a password to the root account, meaning that logging in with root will then require a password as it should. If you do not assign a password to root this way, amazingly, a macOS High Sierra machine accepts a root login without a password at all.

Using the Command Line to Assign a Root Password

Users who would prefer to use the command line in macOS can also set or assign a root password with sudo and the regular old passwd command.

1. Open the Terminal application, found in /Applications/Utilities/

2. Type the following syntax exactly into the terminal, then hit the return key: sudo passwd root

3. Enter your admin password to authenticate and hit return

4. At “New password”, enter a password you won’t forget, hit return, and confirm it

Be sure to set the root password to something you will remember, or perhaps even matching your admin password.