Joe Rossignol for MacRumors:
A bug report submitted on Open Radar this week reveals a security vulnerability in the current version of macOS High Sierra that allows the App Store menu in System Preferences to be unlocked with any password.
As mentioned in the radar, System Preferences does not accept an incorrect password with a non-administrator account. We also weren’t able to unlock any other System Preferences menus with an incorrect password.
We’re unable to reproduce the issue on the third or fourth betas of macOS High Sierra 10.13.3, suggesting Apple has fixed the security vulnerability in the upcoming release. However, the update currently remains in testing.
Apple has really been dropping the ball with these breaches lately. Though App Store preferences are not as concerning as say, access to the whole system, the reality is still unacceptable.