Could that be the cause of our problem?
That very well could be.
WP-Members includes native WP hooks during the login process so that additional authentication elements (such as captcha) can be used. However, whatever the additional process is, it needs to be something that loads on the front end and not only wp-login.php. That part is up to the third-party addition and how it is built as to whether it’s front-end compatible or not. I don’t know if that’s the source of the specific problem you’re having, but it’s something to keep in mind.
I’d at least start by testing without the additional captcha to see if you’re on the right track or not.
Another possibility can be server-side caching. In the past, there has been an issue with Varnish on front end login that produces behavior as you’ve described. Varnish is only compatible if you can put in an exception for your login page – and in that type of instance, you need to do all login via the excepted page so that it’s not caching the login, and that means configuring the plugin to redirect blocked content to a login page (see https://rocketgeek.com/plugins/wp-members/docs/api-functions/wpmem_redirect_to_login/ for customizing with the wpmem_redirect_to_login() function).
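To confirm that the login page really is excepted from Varnish, the response headers can be checked for cache-hit indicators. The following is an added example, not part of the reply above and not WP-Members code; the two header blocks are constructed samples, and the function names are hypothetical.

```python
# Added example: classify response headers for signs of a Varnish cache hit.
# The header blocks below are constructed samples, not captures from a real site.

CACHED_LOGIN = """\
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
X-Varnish: 32791 32770
Age: 118
Via: 1.1 varnish
"""

EXCEPTED_LOGIN = """\
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate, max-age=0
Set-Cookie: wordpress_test_cookie=WP%20Cookie%20check; path=/
X-Varnish: 65541
Age: 0
Via: 1.1 varnish
"""


def parse_headers(raw):
    """Return {lower-cased header name: [values]} from a raw header block."""
    headers = {}
    for line in raw.strip().splitlines():
        if line.startswith("HTTP/") or ":" not in line:
            continue  # status line or junk
        name, value = line.split(":", 1)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def cache_findings(headers):
    """List the indicators that this response was served from cache."""
    findings = []
    # Varnish puts two transaction IDs in X-Varnish on a hit, one otherwise.
    if len(headers.get("x-varnish", [""])[0].split()) >= 2:
        findings.append("X-Varnish has two IDs (cache hit)")
    age = headers.get("age", ["0"])[0]
    if age.isdigit() and int(age) > 0:
        findings.append("Age is %s seconds (object came from cache)" % age)
    return findings


if __name__ == "__main__":
    for label, raw in (("cached", CACHED_LOGIN), ("excepted", EXCEPTED_LOGIN)):
        print(label, cache_findings(parse_headers(raw)) or "no cache indicators")
```

Feed it the headers returned for your own login page, requested twice, since the first request after a purge is always a miss. Any finding on the second request means the exception is not taking effect.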