After clicking unlock several times, it should eventually open up, no passwords necessary. You really shouldn't leave your Mac unattended at all until Apple fixes this, and you should shut off guest access for your device.
By heading to your device's System Preferences, under Users & Groups, you can click on the lock and get hit with a prompt asking for a username and password to change settings.
Security issues with your products are never a good thing and when you have a user publically Tweet about one, it makes you move.
IBT reached out to Apple for comment regarding the discovery of the security vulnerability but did not receive a response at the time of publication. Those running previous versions of MacOS including Sierra and Yosemite do not appear to be affected by the bug.
As of now, it's unclear how something like this could have slipped past Apple and Apple tends to keep errors like this under wraps and doesn't disclose much about them. Enter the administrator name and password.
Enter "root" again with no password. Then from the menu bar at the top of the screen, click on the "Edit" menu and choose "Enable Root User". Some users have reported triggering the exploit from the login screen, but we could only consistently recreate the issue from System Preferences.
Despite suggestions that the flaw can be mitigated by disabling the computer's guest account, this will not work - it simply restarts the computer with Safari the only application running.
Once a password has been set for the "root" account, the flaw that allows a person to login as "root" with no password will no longer work.