Almost everything, in some sense or another, is vulnerable to brute force. It’s just a matter of how long it takes for something to be brute forced that tends to it’s security. I found it pretty interesting that there are now online WPA crackers that will mount dictionary attacks against captured WPA authentication handshakes:

http://wpa.darkircop.org/

and even one that you pay for that claims to offer 400 CPU’s and a 135 million word dictionary list tailored to WPA passwords

https://www.wpacracker.com/

Just goes to say that in due time, no matter how impossible it seems, dictionary attacks will likely be feasible in sooner time than one would think;all the more reason to use an entirely random WPA password.