I haven’t personally verified but theres a few articles out there such as from the register confirming this, and there’s no reason it wouldn’t Apple is setting the root password to be blank so anything which takes a username and password should work, except SSH because that doesn’t allow root login at all, and I am fairly sure doesn’t allow blank passwords either.
Basically the issue appears to be that by default Apple disables the root user, if you try to login as root it enables the user and incorrectly sets the password to nothing, this mean the second time you try it lets you in.
The issue is that the obvious thing to do is disable root, but it will be reenabled again by testing. You need to set a root password and not disable it. Like a really really really secure one.