Update 11/29 – looks like Apple has released a patch.
“Wow, this is a bad one. On Macs running the latest version of High Sierra — 10.13.1 (17B48) — it appears that anyone can log in just by putting “root” in the user name field. This is a huge, huge problem. Apple will fix it probably within hours, but holy moly. Do not leave your Mac unattended until this is resolved.”
The article has a statement from Apple with a workaround that involves going ahead and creating the root user and giving it a password and I’m sure there will be a fix forthcoming, but yeah, be careful with this one!