The bug, found by Lemi Ergin, was originally posted to twitter on Tuesday morning. To replicate the bug, simply navigate to any prompt that requires elevated authentication, and replace the username with “root”, while leaving the password blank. Then repeatedly click unlock until it lets you through.
A temporary fix is to enable the root superuser with a password, although this is a stop gap measure. Apple is expected to publish a hotfix soon, with a patch for this major security vulnerability.
Additionally, you could change the root password from terminal with
sudo passwd -u root