Inspected that a bit more - turns out, it does not mistype the password, but actually types the username (which happens to be one char shorter than the password)
The entire thing was tracked down to a product change on October 10, when the DM selection changed from /etc/sysconfig to update-alternative managed DM. This happened to replace KDM with SDDM on upgrade from 13.2 to TW; Since the needles all were good though, this was not immediately recognized as being a notable change.
The major difference though is that KDM expects the username to be typed and the username in openQA happens to be one char shorter than the password (which gave the impression that the password is just being mistyped)
I now removed DM_NEEDS_USERNAME=1 from the update_13.2 test suite, which means we can update to TW from 13.2 and it will cope with sddm being present, not asking for a password.
Snapshot 1117 will be the first to be running with this changed configuration (I don't want to postpone 1116 even longer by retriggering this test)