1.Set mysql default auth plugin to caching_sha2_password.
2.create user 'nopass'@'%' identified with mysql_native_password by '';
3. login with -u nopass.
The function send_mysql_native_password_response didn't handle user with empty password, it just add a 20-bytes scramble regardless of whether the password is null.
After add some ugly code(see attachment), it worked for me.