The ISC shares a new WPS vulnerability where brute force PIN attacks could potentially be used to gain unauthorized access
Wi-Fi Protected Setup (WPS) PIN Brute Force Vulnerability
QUOTE: Wi-Fi Protected Setup (WPS) is a Wi-Fi Alliance specification (v1.0 – available since January 2007) designed to ease the process of securely setup Wi-Fi devices and networks. A couple of days ago US-CERT released a new vulnerability note, VU#723755, that allows an attacker to get full access to a Wi-Fi network (such as retrieving your ultra long secret WPA2 passphrase) through a brute force attack on the WPS PIN. The vulnerability was reported by Stefan Viehböck and more details are available on the associated whitepaper. In reality, it acts as a “kind of backdoor” for Wi-Fi access points and routers. The quick and immediate mitigation is based on disabling WPS.
More on WPS Security – Pros & Cons
Wi-Fi Best Practices and Protection Resources