This paper discusses a vulnerability in WPS that allows attackers to recover WPA/WPA2 keys in a matter of hours.
You can download it from the following link: https://packetstormsecurity.com/files/download/108224/viehboeck_wps.pdf
Source: https://packetstormsecurity.com/files/108224/Brute-Forcing-Wi-Fi-Protected-Setup.html