As we have several endpoints that can interact the password, it would be nice to have a section in the documentation dedicated to resetting password by admin users.
For resetting the password of a user, you need a token $TokenWithPrivilege which has the privilege for editing the password to other users. Then, you can use the update identity endpoint without the old password.
Forgotten password is for resetting your password.
Changing password is for changing your password, which mean that you need to know your old password.
Resetting password for other users can be done with the update identity endpoint (see above).