Just out of curiosity, I disabled the user registration tracker and the login CAPTCHA then works.
So apparently the issue lies somewhere with the combination of the login CAPTCHA and the User Tracker. Could it be a permissions issue with the user tracker? I thought those permission were handled differently than regular trackers.
UPDATE: I don't know if this is related but I'm not getting specific error messages either. i.e. if the user enters a username that is already taken, I don't get the "User already exists" message, nor do I get "The passwords don't match" if the passwords don't match.
UPDATE 2: The login error messages not displaying was a bug introduced from v2.2 into v2.3. It has now been fixed for the next release.