Yes, that is correct on the newer Debian versions, However, my opinion only, but I think it is rather naive, and silly to not set a root password when installing.Nice! I wonder though, if a user opts to NOT issue a root password on install, I suspect that sudo is probably installed during the setup
If something goes wrong, like it did with the OP here, and "sudo" is not working correctly, one needs to have that option, to be able to use "su", and login as root, if they did not set a root password, it is some what more complicated to get root access, all though still possible, I never can understand why so many people like to make things more complicated, not having a root password, nor being able to use 'su', can make things more complicated.
It does nothing to improve security by not having a root password, if some one wants to access the system, as root , it is still very much possible, and in some ways, "sudo" makes it easier. For example,... all I need is to know the username, and their password, then I can login as that user, "sudo", password, and do what ever I want, maybe edit the "fstab" file, just to be mean , or modify the sources.list so it includes ubuntu repos,...etc...
Also a user that does not know what they are doing can do as much damage using "sudo", as they might using "su"....