Stefan has published a paper describing a vulnerability in WPS that allows attackers to recover WPA/WPA2 keys in a matter of hours
Wi-Fi Protected Setup PIN brute force vulnerability .braindump – RE and stuff

Code has been posted to implement the attack:
Tactical Network Solutions - News - Cracking WiFi Protected Setup with*Reaver

Source: Full Disclosure: WiFi Protected Setup attack code posted