In that Guild Menu there is a little security gap. Since it isn't checking the onetimepassword. Don't know who commented it out.
Fix:
1. Open client\guild\login.aspx.cs
2. Replace
Code:
cmd.CommandText = "SELECT name, guild_id, otp_date FROM Character WITH(NOLOCK) WHERE sid=@avatarId AND account_id=@accountId";// AND otp_value=@passWord AND datediff(s, otp_date, getdate()) < 30";
with
Code:
cmd.CommandText = "SELECT name, guild_id, otp_date FROM Character WITH(NOLOCK) WHERE sid=@avatarId AND account_id=@accountId AND otp_value=@passWord AND datediff(s, otp_date, getdate()) < 30";
3. Press Save
Otherwise everyone is able to login as guildleader with webbrowser in minutes.