Hi,
today in a fresh installation I created the first user, with its username and its password.
The I went to the user web panel and (for mistake) I use the user's username and root's password, then .... I got correctly logged in!
I tried to replicate the behavior on a new installation, and I got the same problem.
User can successfully login both with its own password and root's password as well... how can it be??