A two-step approach to changing passwords eliminates the need to use either term (see below). However, if you’re going to use a single-form approach, I’d recommend “current” as it’s more accurate.
Google uses a two-step approach to changing password. First, they ask for “your password”:
Then, after verifying your password, they ask for your new password (with a confirmation):
If you’re going to stay with a one-screen approach, I would recommend using “Current password” since at the time the user enters this password it’s their current password, not their old password. This is the approach and terminology used by both Facebook and Twitter (among others).
Confirmation and/or a “Show password” toggle
Google, Facebook, and Twitter all make you confirm/retype your new password when completing a password change. Only Google has a toggle to show the password you’ve just typed. The more I read and think about password fields, the more I’m convinced that including a “Show password” link or checkbox should be included in password fields.