diff --git a/network/tidb-native-password-bruteforce.yaml b/network/tidb-native-password-bruteforce.yaml
new file mode 100644
index 0000000000..a72290581b
--- /dev/null
+++ b/network/tidb-native-password-bruteforce.yaml
@@ -0,0 +1,20 @@
+id: tidb-native-password-bruteforce
+
+info:
+  name: TiDB DB with enabled native password
+  author: lu4nx
+  severity: info
+  description: TiDB is fully compatible with the MySQL 5.7 protocol and the common features and syntax of MySQL 5.7. TiDB instance with enabled native password support prone vulnerable for password brute-force attack.
+  tags: network,tidb,bruteforce,db
+
+network:
+  - host:
+      - "{{Hostname}}"
+      - "{{Hostname}}:4000"
+
+    matchers:
+      - type: word
+        words:
+          - "mysql_native_password"
+          - "TiDB"
+        condition: and