If you have a Mac with High Sierra on it, you are possibly at risk to a pretty bad bug.
At first it was being reported that this was only with physical access, but people have been able to do it remotely if you have VNC/RDP/Desktop Sharing stuff set up.
Best thing you can do now is set a root password to prevent the blank password default from taking over.
or if you are comfortable in the terminal, change the root password with the following command
sudo passwd root to set a non-blank password.