The bug is present in macOS High Sierra 10.13.1 and the current beta 10.13.2, according to the MacRumors website.
It was discovered by researcher Lemi Orhan Ergin.
The bypass does not work on systems where a password has been set for the root account; hence one workaround is to set a password for root.
You can access it via System Preferences>Users & Groups>Click the lock to make changes. Then use "root" with no password. And try it for several times. Result is unbelievable! pic.twitter.com/m11qrEvECs— Lemi Orhan Ergin (@lemiorhan) 28 November 2017
“We are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorised access to your Mac," it said in a statement.
"To enable the Root User and set a password, please follow the instructions here. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.”