Sounds unbelievable but it is true. Use the username “root” and hit enter in the password field (i.e. no password) and you have full local admin access! So until it is fixed you physical security will be critical. Maybe a good idea not to travel with the mac. The Apple ecosystem is supposed to be one of the most secure but.. Even Android would (probably) not be that relaxed.
But it works from the login page. Select “Other User”, type in Root as the username, hit enter in the password field (may need to do this a few times) and .. you are in!