The problem with KPM, Ledger’s researcher explains, is also what differentiated it from other password managers out there: in an attempt to create passwords that are as far away as possible from those generated by humans, the application became predictable.
The passwords appeared to have been created so as to prevent cracking from commonly used password crackers. The employed algorithm, however, allowed an attacker who knew that the passwords were generated using KPM to create the most probable passwords generated by the utility, Bédrune says.
What? That isn’t the problem at all. The problem is that the password was basically an obfuscated version of the generation time with second resolution.
This was also fixed a year ago, seems like a pretty shit article.