Hello Daniel, sorry for the very, very late answer to your bug report.
This problem still exists in current Sympa and I actually suspect that you are correct and this a problem with Cookie handling. It actually results in *changing* the current password. Regards Racke -- Ecommerce and Linux consulting + Perl and web application programming. Debian and Sympa administration. Provisioning with Ansible.