The problem with KPM, Ledger’s researcher explains, is also what differentiated it from other password managers out there: in an attempt to create passwords that are as far away as possible from those generated by humans, the application became predictable.

The passwords appeared to have been created so as to prevent cracking from commonly used password crackers. The employed algorithm, however, allowed an attacker who knew that the passwords were generated using KPM to create the most probable passwords generated by the utility, Bédrune says.

  • @joojmachine@lemmy.ml (OP)
    13 years ago

    Oh it wasn’t mentioned in the article, all it had was “Kaspersky started releasing patches in 2019, but it only published an advisory in April 2021.”

    • dandelion
      2
      3 years ago

      Yes, it is a bit confusing imho, the article you posted urges users to upgrade, which makes it seem this was only patched recently. The other article (from my comment above) is this one: https://donjon.ledger.com/kaspersky-password-manager/ which shows:

      All the versions prior to these ones are affected:

      • Kaspersky Password Manager for Windows 9.0.2 Patch F
      • Kaspersky Password Manager for Android 9.2.14.872
      • Kaspersky Password Manager for iOS 9.2.14.31

      Timeline

      October 13, 2020: Kaspersky Password Manager 9.0.2 Patch M is released, with a notification to users to inform them some password must be re-generated.