Almost everything, in some sense or another, is vulnerable to brute force. It’s just a matter of how long it takes for something to be brute forced that tends to it’s security. I found it pretty interesting that there are now online WPA crackers that will mount dictionary attacks against captured WPA authentication handshakes:

and even one that you pay for that claims to offer 400 CPU’s and a 135 million word dictionary list tailored to WPA passwords

Just goes to say that in due time, no matter how impossible it seems, dictionary attacks will likely be feasible in sooner time than one would think;all the more reason to use an entirely random WPA password.