I don't know of a serious non-dictionary attack on WPA - I read something about WPA hashing collisions that I didn't really understand, but I don't think it's a real attack, more a potential reduction in the brute-force workload (which would still be very high).